How severe is CVE-2024-42487?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-42487?

This is classified as CWE-113, which is a common weakness in software security.

CVE-2024-42487

MEDIUM Year: 2024

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-113

View all →

Vulnerability Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched. This could result in unexpected behaviour with security This issue is fixed in Cilium v1.15.8 and v1.16.1. There is no workaround for this issue.

CVE-2023-0508

MEDIUM

CVSS:4.3(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. O...

CWE-1132023

CVE-2025-30221

MEDIUM

CVSS:4.3(Medium)

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitc...

CWE-1132025

CVE-2020-3117

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to in...

CWE-1132020

CVE-2017-12309

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the ...

CWE-1132017

CVE-2017-17742

MEDIUM

CVSS:5.3(Medium)

Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP...

CWE-1132017

CVE-2022-20772

MEDIUM

CVSS:5.3(Medium)

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulner...

CWE-1132022

CVE-2024-42487

Vulnerability Description

Related Vulnerabilities

CVE-2023-0508

CVE-2025-30221

CVE-2020-3117

CVE-2017-12309

CVE-2017-17742

CVE-2022-20772