CVE-2024-38473:

Overview

Severity

High (CVSS 8.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploit Status

Not Exploited

Patch Tuesday

2024-Dec

Released

2024-07-19

Last Updated

2024-12-03

EPSS Score

88.26% (percentile: 99.5%)

Detection & Weaponization (2 sources)

Maturity: Exploit

• Nuclei templates: Apache HTTP Server - ACL Bypass
• GitHub PoC: 2 repositories

Affected Products (4)

Mariner

• CBL Mariner 2.0 x64
• CBL Mariner 2.0 ARM
• Azure Linux 3.0 x64
• Azure Linux 3.0 ARM

Revision History

• 2024-07-19: Information published.
• 2024-08-15: Information published.
• 2024-12-03: Added httpd to CBL-Mariner 2.0 Added httpd to Azure Linux 3.0