K000140784: Apache HTTPD vulnerability CVE-2024-38477
Description
Security Advisory Description
Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. (CVE-2024-38477)
Impact
Attackers can exploit this vulnerability by crafting HTTP requests with deliberately incorrect URL encoding, potentially bypassing security controls that rely on proper URL parsing and authentication. This could result in security breaches, data exposure, or disruptions in service. There is no data plane exposure; this is a control plane issue…