CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/07/12 5:16 p.m.•8 views

CVE-2025-23048

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

9.1CVSS6.1AI score0.0097EPSS

Exploits1References3

RedhatCVE•added 2025/07/12 5:16 p.m.•3 views

CVE-2024-47252

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

7.5CVSS6.2AI score0.00669EPSS

RedhatCVE•added 2025/07/12 5:16 p.m.•7 views

CVE-2024-43204

A Server-side request forgery SSRF vulnerability exists in Apache httpd when the server has modproxy loaded and is configured with modheaders to modify the Content-Type header in the HTTP request or response using a value supplied by the user. Under this configuration, this flaw allows an attacke...

7.5CVSS6.3AI score0.00774EPSS

RedhatCVE•added 2025/07/12 5:16 p.m.•5 views

CVE-2025-49812

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Mitigation No mitigation is currently available that meets Red Hat Produ...

7.5CVSS5.9AI score0.00516EPSS

RedhatCVE•added 2025/07/12 5:16 p.m.•10 views

CVE-2024-42516

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers. These issues lead to HTTP response splitting. This CVE provides a "complete" fix for CVE-2023-38709...

7.5CVSS6.7AI score0.03914EPSS

Positive Technologies•added 2025/07/12 12:0 a.m.•2 views

PT-2025-29305 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The vulnerability is a denial-of-service issue. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a newer version th...

Positive Technologies•added 2025/07/12 12:0 a.m.•2 views

PT-2025-29302 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to a Cross-Site Request Forgery issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

Positive Technologies•added 2025/07/12 12:0 a.m.•4 views

PT-2025-29300 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server contains an issue due to unvalidated user input. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

6.2AI score

Positive Technologies•added 2025/07/12 12:0 a.m.•3 views

PT-2025-29303 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to an authentication bypass. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

6.5AI score

SUSE CVE•added 2025/07/11 11:21 p.m.•8 views

SUSE CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

5.9CVSS7AI score0.03322EPSS

Exploits1References10

Positive Technologies•added 2025/07/11 12:0 a.m.•13 views

PT-2025-29208 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

Positive Technologies•added 2025/07/11 12:0 a.m.•1 views

PT-2025-29205 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not being used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

Positive Technologies•added 2025/07/11 12:0 a.m.•2 views

PT-2025-29204 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to a Cross-Site Request Forgery CSRF issue. Recommendations: At the moment, there is no information about a newer version that contains a fi...

6.5AI score