CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities related to null...

Apache HTTP Server 缓冲区错误漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier contain a buffer error vulnerability, which...

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.66 and earlier contain security vulnerabilities, which stem fro...

KLA91019 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, inject malicious code, gain privileges. Below is a complete list of...

www/apache24 -- Multiple vulnerabilities

The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...

Astra Linux – Vulnerability in Apache2

Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...

Astra Linux – Vulnerability in Apache2

In Apache HTTP Server 2.4.59 and earlier, a null pointer dereference vulnerability in modproxy allows an attacker to crash the server through a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

Astra Linux – Vulnerability in Apache2

A carefully crafted request body can cause a read to a random memory area, which may lead to the process crashing. This issue affects Apache HTTP Server 2.4.52 and earlier...

Astra Linux – Vulnerability in Apache2

A out-of-bounds read vulnerability exists in the modmacro module of the Apache HTTP Server. This issue affects the Apache HTTP Server version up to 2.4.57...

Astra Linux – Vulnerability in Apache2

The out-of-bounds write vulnerability in the modsed module of the Apache HTTP Server allows an attacker to overwrite heap memory with data provided by the attacker. This issue affects Apache HTTP Server version 2.4.2.52 and earlier versions...

Astra Linux – Vulnerability in Apache2

apescapequotes may write beyond the end of a buffer when given malicious input. None of the included modules passes untrusted data to these functions, but third-party/external modules may do so. This issue affects Apache HTTP Server 2.4.48 and earlier...

PT-2026-36927

CVE-2026-6481 - Apache HTTP Server Remote Code Execution CVE ID :CVE-2026-6481 Published : May 2, 2026, 11:16 p.m. | 2 hours, 24 minutes ago Description :Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details,...

PT-2026-36748

CVE-2025-8903 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID :CVE-2025-8903 Published : May 1, 2026, 8:16 p.m. | 1 hour, 54 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-2052. Reason: This candidate is a reservation...

Exploit for Path Traversal in Apache Http_Server

Apache HTTP Server 2.4.49 - Path Traversal & RCE CVE-2021-417...

Security Bulletin: Vulnerabilities in httpd affects IBM Netezza Appliance

Summary The httpd package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEsCVE-2025-58098, CVE-2025-65082, CVE-2025-66200 Vulnerability Details CVEID:CVE-2025-58098 DESCRIPTION: Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled an...

Oracle HTTP Server (April 2026 CPU)

The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and...

Oracle HTTP Server (April 2026 CPU)

The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and...

K000159875: Apache HTTP Server vulnerability CVE-2025-65082

Security Advisory Description Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HT...