PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-24795 Apache Software Foundation CVE debrief

CVE-2024-24795 is a MEDIUM-severity HTTP Response Splitting vulnerability affecting Apache HTTP Server, published on 2024-11-12. It allows an attacker who can inject malicious response headers into backend applications to carry out HTTP desynchronization attacks. Siemens SINEC NMS is affected because it incorporates the vulnerable Apache HTTP Server component. CISA published advisory ICSA-24-319-04 on 2024-11-12 identifying this issue for industrial control system environments. The vendor has provided a fix in SINEC NMS V3.0 SP1 or later. This vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Vendor: Apache Software Foundation
Product: SINEC NMS
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-11-12
Original CVE updated: 2024-11-12
Advisory published: 2024-11-12
Advisory updated: 2024-11-12

Who should care

Organizations operating Siemens SINEC NMS in industrial control system environments, OT security teams managing network management systems, infrastructure teams relying on Apache HTTP Server in reverse proxy or load balancing configurations, and security operations centers monitoring for HTTP desynchronization attack patterns.

Technical summary

An HTTP Response Splitting vulnerability in Apache HTTP Server allows attackers with the ability to inject malicious response headers into backend applications to perform HTTP desynchronization attacks. This attack class can lead to request smuggling, cache poisoning, and potential authentication bypass in affected web infrastructure. The vulnerability exists in multiple modules of Apache HTTP Server and is resolved in version 2.4.59. Siemens SINEC NMS incorporates the vulnerable component and requires an update to V3.0 SP1 or later for remediation.

Defensive priority

medium

Recommended defensive actions

  • Update Siemens SINEC NMS to V3.0 SP1 or later to remediate this vulnerability
  • Review and implement CISA ICS recommended practices for defense-in-depth strategies
  • Monitor network traffic for anomalous HTTP request/response patterns that may indicate desynchronization attempts
  • Apply the principle of least privilege to systems communicating with affected SINEC NMS instances
  • Validate that upstream Apache HTTP Server components are updated to version 2.4.59 or later where applicable
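As an added illustration (not part of this debrief, nor code from Apache or Siemens), the Python below shows the backend-side condition the technical summary describes and the pattern the monitoring action above looks for: a response header value carrying CR/LF turns one response into two, and a strict validator refuses it. All function names are hypothetical, and the injected value in the test is constructed for the demonstration.

```python
import re
from typing import Iterable, Tuple

# Header field names are limited to RFC 9110 "token" characters.
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# A CR, LF or NUL inside a field value can end the header block early
# and start a second, attacker-shaped response (response splitting).
_FORBIDDEN = frozenset("\r\n\x00")


class HeaderInjectionError(ValueError):
    """Raised when a header would terminate the response prematurely."""


def validate_header(name: str, value: str) -> Tuple[str, str]:
    """Return (name, value) only if they cannot split the response."""
    if not _TOKEN_RE.match(name):
        raise HeaderInjectionError(f"bad header name {name!r}")
    if _FORBIDDEN & set(value):
        raise HeaderInjectionError(f"control character in header {name!r}")
    return name, value.strip(" \t")


def is_safe_header(name: str, value: str) -> bool:
    """Boolean form of validate_header for use in filters and tests."""
    try:
        validate_header(name, value)
    except HeaderInjectionError:
        return False
    return True


def render_response(status: str, headers: Iterable[Tuple[str, str]],
                    body: bytes = b"", *, strict: bool = True) -> bytes:
    """Serialise one HTTP/1.1 response from a backend application.

    strict=False copies header values verbatim (the unsafe behaviour
    that lets injected CR/LF through); strict=True applies validate_header.
    """
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers:
        if strict:
            name, value = validate_header(name, value)
        lines.append(f"{name}: {value}")
    lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def count_responses(raw: bytes) -> int:
    """Count status lines in a byte stream; a single response that
    yields more than one means its header block was split."""
    return len(re.findall(rb"(?m)^HTTP/1\.[01] \d{3}", raw))
```

A front-end proxy or cache that parses the unsafe output sees two responses where one was sent, which is the desynchronization the advisory warns about; rejecting control characters at the backend removes the precondition.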

Evidence notes

CVE published 2024-11-12 per official record. CISA CSAF advisory ICSA-24-319-04 published same date. Siemens remediation guidance specifies update to V3.0 SP1 or later. CVSS 6.1 (MEDIUM) per source. Not in KEV catalog.
