Lucene search
K

5788 matches found

RedHat Linux
RedHat Linux
added yesterday3 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6.2AI score0.00393EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday2 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS7.9AI score0.01325EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday4 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...

9.8CVSS7.2AI score0.11471EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added yesterday3 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6.2AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2 days ago4 views

RLSA-2026:34109 Important: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: incomplete fix for CVE-2023-38709 CVE-2024-42516 httpd: NULL pointer dereference via specially crafted request CVE-2026-29169 httpd: Apache HTTP Server: Heap-based Buffer...

7.7CVSS6AI score0.00805EPSS
Exploits0References8
OSV
OSV
added 3 days ago3 views

OESA-2026-2811 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.CVE-2026-43951 Improper...

6.5CVSS5.9AI score0.00525EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago19 views

Security Bulletin: Due to use of IBM Tivoli Monitoring , IBM Cloud Pak System is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing...

9.8CVSS7AI score0.41611EPSS
Exploits1Affected Software2
Nuclei
Nuclei
added last week182 views

Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. id: CVE-2019-10098 info: name: Apache HTTP server v2.4.0 to v2.4.39 - Open...

6.1CVSS6.6AI score0.73981EPSS
Exploits1References6
Nuclei
Nuclei
added last week29 views

Apache HTTP Server - Remote Code Execution

Apache HTTP Server 2.4.32 to 2.4.44 contains an info disclosure and possible remote code execution caused by a vulnerability in modproxyuwsgi, letting remote attackers access sensitive information and potentially execute arbitrary code, exploit requires sending crafted requests. id: CVE-2020-1198...

9.8CVSS7.7AI score0.90039EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2026/07/01 4:54 p.m.5 views

httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime

A flaw was found in Apache HTTP Server. An out-of-bounds read vulnerability exists when modheaders and modmime are used with multiple response languages. This could allow a remote attacker to disclose sensitive information from memory or cause a denial of service...

6.5CVSS5.7AI score0.00525EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/01 11:4 a.m.7 views

CVE-2026-48913

A flaw was found in the Apache HTTP Server's modhttp2 module. This vulnerability, known as a Use After Free, occurs when the server's file handles are exhausted. An attacker could potentially exploit this to cause a denial of service or, in some cases, execute arbitrary code, leading to system...

7.3CVSS6AI score0.00479EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.10 views

httpd: Apache HTTP Server: Denial of Service via crafted regular expressions

A flaw was found in Apache HTTP Server. This buffer underwrite vulnerability occurs when processing crafted regular expressions in the server's configuration. An attacker could potentially exploit this to cause a denial of service...

9.8CVSS5.9AI score0.00486EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.7 views

httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc

A flaw was found in Apache HTTP Server, specifically within the modxml2enc module. This heap-based buffer overflow vulnerability can be triggered when processing untrusted content through the xml2StartParse function. A remote attacker could potentially exploit this to cause a denial of service,...

7.5CVSS6.4AI score0.0071EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.8 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS6.8AI score0.01325EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.12 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.11471EPSS
Exploits10References15
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 (RHSA-2026:27200)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27200 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTT...

9.8CVSS7.4AI score0.11471EPSS
Exploits9References23
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.4 views

Amazon Linux 2023 : mod_http2 (ALAS2023-2026-1859)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1859 advisory. Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. CVE-2026-48913...

7.5CVSS5.9AI score0.11471EPSS
Exploits8References6
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.12 views

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1880)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1880 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrad...

9.8CVSS5.9AI score0.00805EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)

The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...

9.8CVSS6AI score0.00805EPSS
Exploits0References24
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Apache2

Some modproxy configurations on the Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP Request Smuggling attack. These configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch, where a non-specific pattern matches a portion of the...

9.8CVSS6.8AI score0.8377EPSS
Exploits5References2
Rows per page
Query Builder