Apache HTTP Server: Critical Vulnerability Leading to Information Disclosure and SSRF

In Apache HTTP Server versions 2.4.59 and earlier a critical severity vulnerability CVE-2024-38476 was detected. This vulnerability allows malicious response headers in backend applications to cause information disclosure, SSRF, or local script execution. To fix this problem, users should upgrade Apache HTTP Server to version 2.4.60. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-38476.