[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2024-0118":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":51,"epss":9,"epss_history":52,"metrics":53,"affected":54},"MGASA-2024-0118","Updated apache packages fix security vulnerabilities\n\nApache has been updated to version 2.4.59 to fix CVE-2024-27316,\nCVE-2024-24795 and CVE-2023-38709.\nCVE-2024-27316: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on\nendless continuation frames (cve.mitre.org)\nHTTP/2 incoming headers exceeding the limit are temporarily buffered in\nnghttp2 in order to generate an informative HTTP 413\nresponse. If a client does not stop sending headers, this leads\nto memory exhaustion.\nCredits: Bartek Nowotarski (https://nowotarski.info/)\nCVE-2024-24795: Apache HTTP Server: HTTP Response Splitting in multiple\nmodules (cve.mitre.org)\nHTTP Response splitting in multiple modules in Apache HTTP Server allows\nan attacker that can inject malicious response\nheaders into backend applications to cause an HTTP desynchronization\nattack.\nUsers are recommended to upgrade to version 2.4.59, which fixes this\nissue.\nCredits: Keran Mu, Tsinghua University and Zhongguancun Laboratory.\nCVE-2023-38709: Apache HTTP Server: HTTP response splitting\n(cve.mitre.org)\nFaulty input validation in the core of Apache allows malicious or\nexploitable backend/content generators to split HTTP responses.\nThis issue affects Apache HTTP Server: through 2.4.58.\nCredits: Orange Tsai (@orange_8361) from DEVCORE\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2024-27316",{"_key":17},"CVE-2024-24795",{"_key":19},"CVE-2023-38709",[],[],[23,24,25],{"_key":19},{"_key":17},{"_key":15},"2024-04-10T04:03:52Z","2026-04-16T04:22:04.705502Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42,47],{"url":32,"sources":33,"tags":35},"https://advisories.mageia.org/MGASA-2024-0118.html",[34],"osv_mageia",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugs.mageia.org/show_bug.cgi?id=33059",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"https://www.openwall.com/lists/oss-security/2024/04/03/16",[34],[41,46],"WEB",{"url":48,"sources":49,"tags":50},"https://nowotarski.info/http2-continuation-flood/",[34],[41,46],[],[],[],[55],{"ecosystem":56,"name":57,"vendor":58,"product":57,"cpe_part":9,"purl_type":59,"purl_namespace":58,"purl_name":57,"source":9,"versions":60},"Mageia","apache","mageia","rpm",[61],{"version":62,"is_range":63,"range_type":64,"version_start":9,"version_start_type":9,"version_end":65,"version_end_type":66,"fixed_in":9},"lt2_4_59_1_mga9",true,"ecosystem","2.4.59-1.mga9","excluding"]