Primary

Context

Apache HTTP Server Modules HTTP Response Splitting Vulnerability

Vulnerability

Patched

A vulnerability allowing HTTP response splitting has been identified in multiple Apache HTTP Server modules. This issue arises when the server interacts with untrusted or compromised backend servers, and it can be exploited to manipulate the response headers sent to the client, potentially leading to HTTP desynchronization attacks. The vulnerability affects Apache HTTP Server versions 2.4.0 prior to 2.4.66.

Impact

Exploitation of this vulnerability can cause HTTP response splitting, allowing an attacker to inject malicious headers that are interpreted as part of the response, which can disrupt normal HTTP processing and potentially lead to cache poisoning or information disclosure.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.67, which addresses this vulnerability.

Added: May 4, 2026, 3:19 PM

Updated: May 4, 2026, 3:19 PM

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.4

exploitability

6.4

remediation

7.7

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.4

exploitability

6.4

remediation

7.7

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache HTTP Server Modules HTTP Response Splitting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apache HTTP Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating