Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)

🗓️ 22 Jun 2026 00:00:00Reported by TenableType

Amazon Linux 2 httpd is vulnerable; upgrade to version 2.4.68 to fix multiple issues.

Reporter	Title	Published	Views	Family All 258
IBM Security Bulletins	Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities due to the included Apache HTTP Server	16 Jun 202614:00	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server	23 Jun 202616:13	–	ibm
FreeBSD	Apache httpd -- Multiple vulnerabilities	8 Jun 202600:00	–	freebsd
ATTACKERKB	CVE-2026-34356	8 Jun 202615:12	–	attackerkb
ATTACKERKB	CVE-2026-44185	8 Jun 202615:22	–	attackerkb
ATTACKERKB	CVE-2026-44119	8 Jun 202615:17	–	attackerkb
ATTACKERKB	CVE-2026-34355	8 Jun 202615:20	–	attackerkb
ATTACKERKB	CVE-2026-43951	8 Jun 202615:16	–	attackerkb
ATTACKERKB	CVE-2026-42536	8 Jun 202615:23	–	attackerkb
ATTACKERKB	CVE-2026-44631	8 Jun 202615:19	–	attackerkb

Source	Link
alas	www.alas.aws.amazon.com//AL2/ALAS2-2026-3379.html
alas	www.alas.aws.amazon.com/faqs.html
explore	www.explore.alas.aws.amazon.com/CVE-2026-29167.html
explore	www.explore.alas.aws.amazon.com/CVE-2026-29170.html
explore	www.explore.alas.aws.amazon.com/CVE-2026-34355.html
explore	www.explore.alas.aws.amazon.com/CVE-2026-34356.html
explore	www.explore.alas.aws.amazon.com/CVE-2026-42535.html
explore	www.explore.alas.aws.amazon.com/CVE-2026-42536.html
explore	www.explore.alas.aws.amazon.com/CVE-2026-43951.html
explore	www.explore.alas.aws.amazon.com/CVE-2026-44119.html

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2026-3379.
##

include('compat.inc');

if (description)
{
  script_id(322004);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/22");

  script_cve_id(
    "CVE-2026-29167",
    "CVE-2026-29170",
    "CVE-2026-34355",
    "CVE-2026-34356",
    "CVE-2026-42535",
    "CVE-2026-42536",
    "CVE-2026-43951",
    "CVE-2026-44119",
    "CVE-2026-44185",
    "CVE-2026-44186",
    "CVE-2026-44631"
  );

  script_name(english:"Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2026-3379 advisory.

    Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration

    This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

    Users are recommended to upgrade to version 2.4.68, which fixes the issue. (CVE-2026-29167)

    A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache
    HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy
    configuration.

    Users are recommended to upgrade to version 2.4.68, which fixes this issue. (CVE-2026-29170)

    A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an
    untrusted backend.Users are recommended to upgrade to version 2.4.68, which fixes this issue.
    (CVE-2026-34355)

    Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and
    ProxyPassReverseCookie*

    This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

    Users are recommended to upgrade to version 2.4.68, which fixes the issue. (CVE-2026-34356)

    A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to
    directly manipulate trusted DAV property databases, potentially causing child process crashes.

    Users are recommended to upgrade to version 2.4.68, which fixes this issue. (CVE-2026-42535)

    Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and
    untrusted content

    This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

    Users are recommended to upgrade to version 2.4.68, which fixes the issue. (CVE-2026-42536)

    Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response
    languages.

    This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. (CVE-2026-43951)

    Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local
    .htaccess authors to read files with the privileges of the httpd user.

    This issue affects Apache HTTP Server: from through 2.4.67.

    Users are recommended to upgrade to version 2.4.68, which fixes the issue. (CVE-2026-44119)

    Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled
    OCSP server

    This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

    Users are recommended to upgrade to version 2.4.68, which fixes the issue. (CVE-2026-44185)

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache
    HTTP Server with an attacker controlled backend FTP server.

    This issue affects undefined: from 2.4.0 through 2.4.67.

    Users are recommended to upgrade to version 2.4.68, which fixes the issue. (CVE-2026-44186)

    Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration.

    This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

    Users are recommended to upgrade to version 2.4.68, which fixes the issue. (CVE-2026-44631)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com//AL2/ALAS2-2026-3379.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-29167.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-29170.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34355.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-34356.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42535.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-42536.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-43951.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-44119.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-44185.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-44186.html");
  script_set_attribute(attribute:"see_also", value:"https://explore.alas.aws.amazon.com/CVE-2026-44631.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update httpd' or
  or 'yum update --advisory ALAS2-2026-3379' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-44631");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:httpd-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_md");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_proxy_html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_session");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:mod_ssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm2.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'httpd-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debuginfo-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debuginfo-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-debuginfo-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-devel-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-devel-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-devel-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-filesystem-2.4.68-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-manual-2.4.68-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'httpd-tools-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ldap-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_md-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_md-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_md-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_proxy_html-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_proxy_html-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_proxy_html-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_session-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_session-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_session-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ssl-2.4.68-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ssl-2.4.68-1.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'mod_ssl-2.4.68-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-debuginfo / httpd-devel / etc");
}

22 Jun 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.19.8

EPSS0.00682

SSVC