Detections
Analytics

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-8338-1)

critical Nessus Plugin ID 320481

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8338-1 advisory.

 It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2023-38709)

 Will Dormann and David Warren discovered that Apache HTTP Server's HTTP/2 implementation did not properly reclaim memory when streams were reset by clients. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-45802)

 Keran Mu and Jianjun Chen discovered that Apache HTTP Server incorrectly handled certain response headers.
 An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-24795)

 Orange Tsai discovered that Apache HTTP Server mod_proxy incorrectly handled URL encoding. A remote attacker could possibly use this issue to bypass authentication via crafted requests. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-38473)

 Orange Tsai discovered that Apache HTTP Server could be caused to perform server-side request forgery (SSRF) via malicious backend response headers. A remote attacker could possibly use this issue to conduct SSRF attacks or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS.
 (CVE-2024-38476)

 Orange Tsai discovered that Apache HTTP Server mod_proxy did not properly handle certain null pointer conditions. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38477)

 Orange Tsai discovered that Apache HTTP Server mod_rewrite could be made to perform server-side request forgery (SSRF) via unsafe RewriteRules. A remote attacker could possibly use this issue to conduct SSRF attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-39573)

 It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-42516)

 It was discovered that Apache HTTP Server could be caused to perform server-side request forgery (SSRF) via mod_headers modifying Content-Type headers. A remote attacker could possibly use this issue to conduct SSRF attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-43204)

 John Runyon discovered that Apache HTTP Server mod_ssl did not properly escape user-supplied data before writing log entries. A remote attacker could possibly use this issue to insert escape sequences into log files. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-47252)

 Robert Merget discovered that Apache HTTP Server with SSLEngine optional was vulnerable to HTTP desynchronisation attacks. An attacker in a privileged network position could possibly use this issue to hijack HTTP sessions. This issue only affected Ubuntu 14.04 LTS. (CVE-2025-49812)

 It was discovered that Apache HTTP Server mod_md had an integer overflow in the ACME certificate renewal backoff timer. An attacker could possibly use this issue to cause excessive certificate renewal requests.
 This issue only affected Ubuntu 20.04 LTS. (CVE-2025-55753)

 Anthony Parfenov discovered that Apache HTTP Server with SSI enabled and mod_cgid passed shell-escaped query strings to #exec cmd directives. A remote attacker could possibly use this issue to perform command injection. (CVE-2025-58098)

 Mattias sander discovered that Apache HTTP Server incorrectly gave precedence to environment variables from HTTP headers over server-calculated CGI variables. A remote attacker could possibly use this issue to influence the environment of CGI programs. (CVE-2025-65082)

 Mattias sander discovered that Apache HTTP Server mod_userdir with suexec could be caused to run CGI scripts under an unexpected user ID via RequestHeader directives in .htaccess files. An attacker with .htaccess write access could possibly use this issue to bypass suexec user restrictions. (CVE-2025-66200)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-8338-1

Plugin Details

Severity: Critical

ID: 320481

File Name: ubuntu_USN-8338-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/11/2026

Updated: 6/11/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-38476

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork, p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev, p-cpe:/a:canonical:ubuntu_linux:apache2-data, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin, p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker, p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom, p-cpe:/a:canonical:ubuntu_linux:apache2-suexec, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-macro, p-cpe:/a:canonical:ubuntu_linux:apache2-dev, p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk, cpe:/o:canonical:ubuntu_linux:14.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event, p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine, p-cpe:/a:canonical:ubuntu_linux:apache2-utils, p-cpe:/a:canonical:ubuntu_linux:apache2, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-html, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:apache2-bin, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/28/2026

Vulnerability Publication Date: 10/19/2023

Reference Information

CVE: CVE-2023-38709, CVE-2023-45802, CVE-2024-24795, CVE-2024-38473, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573, CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-49812, CVE-2025-55753, CVE-2025-58098, CVE-2025-65082, CVE-2025-66200

IAVA: 2023-A-0572-S, 2024-A-0202-S, 2024-A-0378-S, 2025-A-0508-S, 2025-A-0889-S

USN: 8338-1