Login Sign Up

CVE-2023-38709

7.3 HIGH

📋 TL;DR

CVE-2023-38709 is an input validation vulnerability in Apache HTTP Server that allows malicious backend applications or content generators to split HTTP responses, potentially enabling response smuggling attacks. This affects Apache HTTP Server versions through 2.4.58. The vulnerability requires a malicious backend component to exploit.

💻 Affected Systems

Products:
  • Apache HTTP Server
Versions: through 2.4.58
Operating Systems: All operating systems running affected Apache versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a malicious or compromised backend application/content generator to exploit; standard Apache configurations are vulnerable but require attacker-controlled backend.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fabric Operating System by Broadcom

View all CVEs affecting Fabric Operating System →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Http Server by Apache

View all CVEs affecting Http Server →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Ontap by Netapp

View all CVEs affecting Ontap →

Ontap Tools by Netapp

View all CVEs affecting Ontap Tools →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could perform HTTP response smuggling to poison caches, bypass security controls, or conduct cross-user attacks when combined with other vulnerabilities.

🟠

Likely Case

Limited impact requiring a compromised backend application; most likely used for cache poisoning or security control bypass in targeted attacks.

🟢

If Mitigated

With proper backend application security and input validation, risk is significantly reduced as exploitation requires malicious backend components.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires control over backend application or content generator; not directly exploitable via external HTTP requests alone.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.59 and later

Vendor Advisory: https://httpd.apache.org/security/vulnerabilities_24.html

Restart Required: Yes

Instructions:

1. Download Apache HTTP Server 2.4.59 or later from https://httpd.apache.org/download.cgi
2. Stop Apache service
3. Backup configuration files
4. Install new version
5. Restart Apache service

🔧 Temporary Workarounds

Input validation in backend applications

all

Implement strict input validation in all backend applications and content generators to prevent malicious response splitting

Use reverse proxy with response validation

all

Place a reverse proxy with HTTP response validation between Apache and backend applications

🧯 If You Can't Patch

  • Implement strict security controls for all backend applications and content generators
  • Monitor Apache logs for unusual response patterns and implement WAF rules to detect response splitting attempts

🔍 How to Verify

Check if Vulnerable:

Check Apache version with 'httpd -v' or 'apache2 -v' and verify if version is 2.4.58 or earlier

Check Version:

httpd -v 2>/dev/null || apache2 -v 2>/dev/null || apachectl -v 2>/dev/null

Verify Fix Applied:

After patching, verify version is 2.4.59 or later using 'httpd -v' or 'apache2 -v'

📡 Detection & Monitoring

Log Indicators:

  • Unusual response headers
  • Malformed HTTP responses
  • Unexpected response splitting patterns

Network Indicators:

  • HTTP responses with unexpected header injections
  • Cache poisoning attempts

SIEM Query:

source="apache" AND ("malformed response" OR "response splitting" OR unusual header patterns)

📊 Metadata

CVE ID: CVE-2023-38709
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-1284
Published: April 4, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-38709, you might also want to check these:

CVE-2024-8887 10.0

CVE-2024-8887 is an authentication bypass vulnerability in CIRCUTOR Q-SMT firmware that allows attac...

Same vulnerability type (CWE-1284)
CVE-2025-55398 9.8

A vulnerability in mouse07410 asn1c through version 0.9.29 allows attackers to bypass INTEGER constr...

Same vulnerability type (CWE-1284)
CVE-2021-31556 9.8

This vulnerability in MediaWiki's OAuth extension allows attackers to cause denial of service or pot...

Same vulnerability type (CWE-1284)