Exploit for Improper Privilege Management in Apache Http_Server

🗓️ 05 May 2026 18:48:29Reported by EricRHancock-coderType

githubexploit

githubexploit🔗 github.com👁 196 Views

Local privilege escalation in Apache HTTP Server .htaccess reading with ap_expr in rewrite setenvif.

Reporter	Title	Published	Views	Family All 88
FreeBSD	www/apache24 -- Multiple vulnerabilities	4 May 202600:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032]	22 May 202605:57	–	ibm
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities	11 May 202622:12	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities within IBM HTTP Server, affect IBM Tivoli Monitoring.	8 Jun 202616:44	–	ibm
ATTACKERKB	CVE-2026-24072	4 May 202612:37	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1720)	26 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : httpd, --advisory ALAS2-2026-3314 (ALAS-2026-3314)	27 May 202600:00	–	nessus
Tenable Nessus	Apache 2.4.x < 2.4.67 Multiple Vulnerabilities	4 May 202600:00	–	nessus
Tenable Nessus	Debian dla-4571 : apache2 - security update	8 May 202600:00	–	nessus
Tenable Nessus	Debian dsa-6248 : apache2 - security update	6 May 202600:00	–	nessus

05 May 2026 18:48Current

6Medium risk

Vulners AI Score6

CVSS 3.18.8

EPSS0.00654

SSVC

Apache HTTP Server htaccess files ap expression mod rewrite mod setenvif privilege escalation