Critical Alert 1 Active Exploit Detected Today

CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability →
Powered by CVE Watchtower
×
June 13, 2026

CVE Watchtower


← Back to CVE List

CVE-2024-42516NVD

Vulnerability Summary

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response.

This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue.

Users are recommended to upgrade to version 2.4.64, which fixes this issue.
Severity Level
HIGH(7.5)
Published Date
Jul 10, 2025
Last Modified
Jul 29, 2025
Exploitation Status
????
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
CWE-20: Improper Input Validation β†—
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone

External References