CVE-2024-42516

HIGH

CVSS v3

7.5

HIGH

EPSS Score

0.9%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.

Technical Details

CVSS v3 Vector
3.1
Published
7/10/2025
Last Modified
11/4/2025

Frequently Asked Questions

What is CVE-2024-42516?

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue.

Is CVE-2024-42516 actively exploited?

Active exploitation of CVE-2024-42516 has not been confirmed. The EPSS score is 0.9%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-42516?

CVE-2024-42516 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.

Is CVE-2024-42516 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.