K000152922: Apache HTTP server vulnerability CVE-2025-49630

Security Advisory Description In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP...

The vulnerability in the Apache HTTP Server’s web server lies in improper checking of the return value of a function, allowing attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Apache HTTP Server is related to improper checking of the return value of a function. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...

Security Bulletin: IBM HTTP Server is affected by a security bypass vulnerability due to the included Apache HTTP Server (CVE-2025-54090)

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by a security bypass vulnerability due to the included Apache HTTP Server. This affects IBM HTTP Server with IFPH67153 installed. Vulnerability Details CVEID:CVE-2025-54090 DESCRIPTION: A bug in Apache HTTP Server 2.4.64...

Linux Distros Unpatched Vulnerability : CVE-2024-40725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. AddType a...

Linux Distros Unpatched Vulnerability : CVE-2024-43394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via modrewrite or apache...

Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64

...

PT-2025-32350 · Undefined · Undefined

CVE-2025-55024 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-55024 Published : Aug. 6, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-32357 · Undefined · Undefined

CVE-2025-55027 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-55027 Published : Aug. 6, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-32356 · Undefined · Undefined

CVE-2025-55026 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-55026 Published : Aug. 6, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

ROS-20250806-02

A vulnerability in the modauthopenidc module of the Apache HTTP Server HTTPD web server is related to insufficient user data validation when OIDCPreservePost is enabled in modauthopenidc. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2019-10098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and...

Linux Distros Unpatched Vulnerability : CVE-2022-36760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests ...

PT-2025-32256 · Undefined · Undefined

CVE-2025-54979 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-54979 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Linux Distros Unpatched Vulnerability : CVE-2025-49812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack a...

PT-2025-32213 · Undefined · Undefined

CVE-2025-54975 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-54975 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-32212 · Undefined · Undefined

CVE-2025-54974 - Apache HTTP Server Denial of Service CVE ID : CVE-2025-54974 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-32255 · Undefined · Undefined

CVE-2025-54978 - Apache HTTP Server HTTP Header Injection CVE ID : CVE-2025-54978 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-31962 · Undefined · Undefined

Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...

PT-2025-32253 · Undefined · Undefined

CVE-2025-54976 - Apache HTTP Server Unvalidated User Input Leads to Remote Command Execution CVE ID : CVE-2025-54976 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

Amazon Linux 2 : httpd (ALAS-2025-2958)

The version of httpd installed on the remote host is prior to 2.4.64-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2958 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response...