126 matches found

Tenable Nessus
added 5 days ago | 5 views

SUSE SLES12: apache2 / apache2-devel / apache2-doc / apache2-example-pages / etc (SUSE-SU-2026:2641-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2641-1 advisory. This update for apache2 fixes the following issues Update to 2.4.66 jscPED-16334: Security issues: - CVE-2026-23918: http2: double free and...

CVSS 9.8 | AI score 7 | EPSS 0.4581
Exploits 18 | References 36

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Apache2

A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for bypassing mod_userdir+suexec. Users who have access to use the RequestHeader directive in htaccess can cause certain CGI scripts to run under an unexpected userid. This issue affects the Apache HTTP Server...

CVSS 5.4 | AI score 7.2 | EPSS 0.00569
Exploits 0 | References 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Apache2

An integer overflow occurs when attempting to renew an ACME certificate. After several attempts (approximately 30 days under default configurations), the backoff timer becomes 0. Subsequent attempts to renew the certificate are repeated without delay until success is achieved. This issue affects th...

CVSS 7.5 | AI score 7.2 | EPSS 0.00402
Exploits 0 | References 2

F5 Networks
added 2026/06/10 7:18 p.m. | 10 views

K000161670: Apache HTTP Server vulnerability CVE-2026-33523

Security Advisory Description HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 6.5 | AI score 5.4 | EPSS 0.00436
Exploits 0

Packet Storm
added 2026/05/29 12:0 a.m. | 64 views

Apache HTTP Server 2.4.66 Denial of Service

Apache HTTP Server version 2.4.66 mod_http2 double-free denial of service proof of concept exploit. Exploit Title: Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service Google Dork: intext:"Apache/2.4.66" "HTTP/2" Date: 2026-05-06 Exploit Author: xeloxa https://github.com/xeloxa/...

CVSS 8.8 | AI score 7.5 | EPSS 0.4581
Exploits 16

GithubExploit
added 2026/05/13 8:24 a.m. | 89 views

Exploit for Double Free in Apache Http_Server

CVE-2026-23918 — Apache mod_http2 Double Free Affected: A...

CVSS 8.8 | AI score 5.8 | EPSS 0.4581
Exploits 16

GithubExploit
added 2026/05/11 2:7 p.m. | 103 views

Exploit for Double Free in Apache Http_Server

CVE-2026-23918 Double-free in Apache httpd mod_http2 stream c...

CVSS 8.8 | AI score 6 | EPSS 0.4581
Exploits 16

GithubExploit
added 2026/05/08 6:28 p.m. | 192 views

Exploit for Observable Timing Discrepancy in Apache Http_Server

CTT-enhanced-Apache-modauthdigest-timing-attack-exploit CTT-...

CVSS 4.8 | AI score 5.8 | EPSS 0.00557
Exploits 1

Positive Technologies
added 2026/05/07 12:0 a.m. | 15 views

PT-2026-38462

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits 0 | References 4

Positive Technologies
added 2026/05/07 12:0 a.m. | 21 views

PT-2026-38461

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This...

CVSS 9.8 | AI score 5.8 | EPSS 0.01325
Exploits 0 | References 4

OSV
added 2026/05/06 8:39 a.m. | 6 views

BIT-APACHE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than...

CVSS 7.5 | AI score 5.8 | EPSS 0.00594
Exploits 0 | References 4

EUVD
added 2026/05/06 12:31 a.m. | 7 views

EUVD-2026-27506

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

AI score 5.8 | EPSS 0.01325
Exploits 0 | References 3

OSV
added 2026/05/05 10:16 p.m. | 8 views

DEBIAN-CVE-2026-28780

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

CVSS 9.8 | AI score 5.8 | EPSS 0.01325
Exploits 0 | References 1

OSV
added 2026/05/05 2:16 p.m. | 3 views

ALPINE-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits 0 | References 1

OSV
added 2026/05/05 2:16 p.m. | 6 views

DEBIAN-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits 0 | References 1

ATTACKERKB
added 2026/05/05 1:10 p.m. | 9 views

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2026/05/05 1:10 p.m. | 9 views

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 | AI score 5.8 | EPSS 0.00628
Exploits 0

OSV
added 2026/05/05 8:39 a.m. | 7 views

BIT-APACHE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 5.3 | AI score 5.8 | EPSS 0.00393
Exploits 0 | References 3

OSV
added 2026/05/05 8:39 a.m. | 4 views

BIT-APACHE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 6.5 | AI score 5.8 | EPSS 0.00436
Exploits 0 | References 3

OSV
added 2026/05/05 8:38 a.m. | 8 views

BIT-APACHE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 8.8 | AI score 5.8 | EPSS 0.4581
Exploits 16 | References 3