CVE-2024-40761

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Sep 25, 2024

Updated: Nov 21, 2024

CWE ID 326

Summary

CVE-2024-40761 is an Inadequate Encryption Strength vulnerability affecting Apache Answer versions through 1.3.5. This issue stems from the use of MD5 value for email encryption in accessing Gravatar images. Such encryption method is insecure and poses a risk for email leakage. The recommended solution is to upgrade to Apache Answer version 1.4.0, which addresses this vulnerability by implementing SHA256 encryption instead.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/w7N1f2
https://www.cve.org/CVERecord?id=CVE-2024-40761
https://nvd.nist.gov/vuln/detail/CVE-2024-40761

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-40761

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations