5762 matches found
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
Summary of CVE-2025-54090 : The issue affects Apache HTTP Server, specifically version 2.4.64, where all "RewriteCond expr ..." tests evaluate as true due to a bug in the expression evaluation. The remedy is to upgrade to version 2.4.65, which includes the fix. The provided connected documents co...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
KLA86161 SB vulnerability in Apache HTTP Server
Security vulnerability was found in Apache HTTP Server. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache HTTP Server 2.4.65 Related products Apache-HTTP-Server CVE list CVE-2025-54090 high Solution Update to the latest version...
USN-6885-5: Apache HTTP Server vulnerabilities
USN-6885-1 fixed vulnerabilities in Apache. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server modrewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this iss...
The vulnerability of the mod_ssl function in the Apache HTTP Server’s web server allows a hacker to cause a service failure.
The vulnerability of the modssl function in the Apache HTTP Server is related to deficiencies in the authentication process when processing the SSLEngine option. Exploiting this vulnerability allows a malicious actor to cause service failures using the TLS protocol...
Azure Linux 3.0 Security Update: httpd (CVE-2025-53020)
The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53020 advisory. - Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apach...
CBL Mariner 2.0 Security Update: httpd (CVE-2025-49812)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49812 advisory. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation...
CBL Mariner 2.0 Security Update: httpd (CVE-2025-49630)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49630 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 throug...
Azure Linux 3.0 Security Update: httpd (CVE-2025-49630)
The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49630 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 throug...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-43204)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43204 advisory. - SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-16614)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...
Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16609)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...
Apache HTTP Server Access Control Error Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Access Control Error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause an access contr...
Apache HTTP Server server-side request forgery vulnerability (CNVD-2025-16613)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that stems from loading modproxy without implementing...
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 CVSS score: 7.5, a high-severity path traversal vulnerability in Apache HTTP...
Apache HTTP Server: HTTP response splitting
...
Apache HTTP Server: mod_ssl TLS upgrade attack
...
Apache HTTP Server: mod_ssl access control bypass with session resumption
...