5788 matches found
httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...
Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow
A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...
httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...
RLSA-2026:34109 Important: httpd security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: incomplete fix for CVE-2023-38709 CVE-2024-42516 httpd: NULL pointer dereference via specially crafted request CVE-2026-29169 httpd: Apache HTTP Server: Heap-based Buffer...
OESA-2026-2811 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.CVE-2026-43951 Improper...
Security Bulletin: Due to use of IBM Tivoli Monitoring , IBM Cloud Pak System is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing...
Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. id: CVE-2019-10098 info: name: Apache HTTP server v2.4.0 to v2.4.39 - Open...
Apache HTTP Server - Remote Code Execution
Apache HTTP Server 2.4.32 to 2.4.44 contains an info disclosure and possible remote code execution caused by a vulnerability in modproxyuwsgi, letting remote attackers access sensitive information and potentially execute arbitrary code, exploit requires sending crafted requests. id: CVE-2020-1198...
httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime
A flaw was found in Apache HTTP Server. An out-of-bounds read vulnerability exists when modheaders and modmime are used with multiple response languages. This could allow a remote attacker to disclose sensitive information from memory or cause a denial of service...
CVE-2026-48913
A flaw was found in the Apache HTTP Server's modhttp2 module. This vulnerability, known as a Use After Free, occurs when the server's file handles are exhausted. An attacker could potentially exploit this to cause a denial of service or, in some cases, execute arbitrary code, leading to system...
httpd: Apache HTTP Server: Denial of Service via crafted regular expressions
A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service...
httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc
A flaw was found in Apache HTTP Server, specifically within the modxml2enc module. This heap-based buffer overflow vulnerability can be triggered when processing untrusted content through the xml2StartParse function. A remote attacker could potentially exploit this to cause a denial of service,...
Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow
A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update
Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 (RHSA-2026:27200)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27200 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTT...
Amazon Linux 2023 : mod_http2 (ALAS2023-2026-1859)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1859 advisory. Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. CVE-2026-48913...
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1880)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1880 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrad...
Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)
The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...
Astra Linux – Vulnerability in Apache2
Some modproxy configurations on the Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP Request Smuggling attack. These configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch, where a non-specific pattern matches a portion of the...