Lucene search
K

5769 matches found

CVE
CVE
added 2025/12/05 10:17 a.m.705 views

CVE-2025-59775

CVE-2025-59775 : SSRF in Apache HTTP Server on Windows when AllowEncodedSlashes On and MergeSlashes Off can leak NTLM hashes to a malicious server. Affected: Apache HTTP Server (Windows). Root cause: SSRF via UNC/NTLM-related handling as described in multiple security bulletins. Remediation: upgr...

7.5CVSS6.5AI score0.00771EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/05 10:17 a.m.72 views

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

0.00771EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/05 10:12 a.m.70 views

CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

0.00402EPSS
Exploits0References1
CVE
CVE
added 2025/12/05 10:12 a.m.491 views

CVE-2025-55753

CVE-2025-55753 affects Apache HTTP Server (2.4.30–2.4.65). The issue is an integer overflow during failed ACME certificate renewals that, after ~30 days in default configs, causes the backoff timer to become 0. Thereafter, renewal attempts occur repeatedly without delays until success, potentiall...

7.5CVSS6.8AI score0.00402EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.2 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...

5.4CVSS7.1AI score0.00569EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-65082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration...

6.5CVSS6.9AI score0.00758EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-66200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can...

5.4CVSS6.8AI score0.00569EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/04 12:0 a.m.3 views

Apache HTTP Server 2.4.7 - 2.4.65 Authentication Bypass Vulnerability - Windows

Apache HTTP Server is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS7AI score0.00569EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/04 12:0 a.m.2 views

Apache HTTP Server 2.4.x < 2.4.66 Improper Neutralization Vulnerability - Windows

Apache HTTP Server is prone to an improper neutralization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.8AI score0.00758EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/04 12:0 a.m.4 views

Apache HTTP Server < 2.4.66 SSI Vulnerability - Linux

Apache HTTP Server is prone to a Server Side Includes SSI vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.3CVSS6.8AI score0.015EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/04 12:0 a.m.2 views

Apache HTTP Server 2.4.30 - 2.4.65 Integer Overflow Vulnerability - Linux

Apache HTTP Server is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.8AI score0.00402EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/04 12:0 a.m.1 views

Apache HTTP Server 2.4.x < 2.4.66 Improper Neutralization Vulnerability - Linux

Apache HTTP Server is prone to an improper neutralization vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.8AI score0.00758EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/04 12:0 a.m.2 views

Apache HTTP Server 2.4.7 - 2.4.65 Authentication Bypass Vulnerability - Linux

Apache HTTP Server is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS7AI score0.00569EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2025/12/03 4:52 p.m.7 views

K000158042: Apache HTTP server vulnerabilities CVE-2024-47252 and CVE-2025-49812

Security Advisory Description CVE-2024-47252 Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/Transport Layer Security TLS client to insert escape characters into log files in some configurations. In a logging configuration whe...

7.5CVSS7.8AI score0.00669EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.3 views

PT-2025-48329

CVE-2025-66233 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-66233 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.3 views

PT-2025-48330

CVE-2025-66234 - Apache HTTP Server Unauthenticated Remote Code Execution CVE ID : CVE-2025-66234 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2025/11/21 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2025-2440)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01149EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.5 views

PT-2025-47419

CVE-2025-13216 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-13216 Published : Nov. 17, 2025, 7:16 p.m. | 2 hours, 24 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptio...

7.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/15 12:0 a.m.5 views

PT-2025-47115

CVE-2025-65070 - Apache HTTP Server Unvalidated User Input Vulnerability CVE ID : CVE-2025-65070 Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

6.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/15 12:0 a.m.4 views

PT-2025-47097

CVE-2025-65065 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-65065 Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4AI score
Exploits0References1
Rows per page
Query Builder