
5769 matches found

NVD
added 2025/07/10 5:15 p.m. | 5 views

CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | EPSS 0.00679
Exploits: 0 | References: 4

OSV
added 2025/07/10 5:15 p.m. | 5 views

CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | AI score 6.9
Exploits: 0 | References: 4

OSV
added 2025/07/10 5:15 p.m. | 7 views

AZL-65130 CVE-2024-42516 affecting package mod_http2 1.15.14-2

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | AI score 6.5 | EPSS 0.00679
Exploits: 0 | References: 1

OSV
added 2025/07/10 5:15 p.m. | 4 views

AZL-65139 CVE-2024-42516 affecting package mod_http2 2.0.29-3

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | AI score 5.7 | EPSS 0.00679
Exploits: 0 | References: 1

OSV
added 2025/07/10 5:15 p.m. | 5 views

AZL-65166 CVE-2024-42516 affecting package httpd for versions less than 2.4.64-1

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | AI score 6.5 | EPSS 0.00679
Exploits: 0 | References: 1

OSV
added 2025/07/10 5:15 p.m. | 4 views

ALPINE-CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVSS 7.5 | AI score 6.9 | EPSS 0.00679
Exploits: 0 | References: 1

OSV
added 2025/07/10 5:15 p.m. | 4 views

UBUNTU-CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

CVSS 7.5 | AI score 6.5 | EPSS 0.04409
Exploits: 1 | References: 6

CVE
added 2025/07/10 4:59 p.m. | 579 views

CVE-2025-53020

CVE-2025-53020 affects Apache HTTP Server versions 2.4.17 through 2.4.63. The issue is described as a Late Release of Memory after Effective Lifetime vulnerability. The recommended remediation is to upgrade to version 2.4.64, which fixes the issue. Public references from Debian, Amazon Linux advi...

CVSS 7.5 | AI score 6.5 | EPSS 0.04409
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/07/10 4:59 p.m. | 55 views

CVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

EPSS 0.04409
Exploits: 1 | References: 1

Vulnrichment
added 2025/07/10 4:59 p.m. | 7 views

CVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

AI score 6.1 | EPSS 0.04409
Exploits: 1 | References: 1

AlpineLinux
added 2025/07/10 4:59 p.m. | 9 views

CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

CVSS 7.5 | AI score 6.5 | EPSS 0.04409
Exploits: 1

Cvelist
added 2025/07/10 4:58 p.m. | 59 views

CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

EPSS 0.00516
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/10 4:58 p.m. | 3 views

CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

AI score 6 | EPSS 0.00516
Exploits: 0 | References: 1

CVE
added 2025/07/10 4:58 p.m. | 413 views

CVE-2025-49812

CVE-2025-49812 affects Apache HTTP Server (httpd) via mod_ssl in some mod_ssl configurations up to version 2.4.63. An HTTP desynchronisation attack lets a MITM hijack a session during TLS upgrade when SSLEngine optional is used. Upgrading to httpd 2.4.64 (which removes TLS upgrade support) is the...

CVSS 7.4 | AI score 6.4 | EPSS 0.00516
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2025/07/10 4:58 p.m. | 6 views

CVE-2025-49812

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

CVSS 7.4 | AI score 7.2 | EPSS 0.00516
Exploits: 0

AlpineLinux
added 2025/07/10 4:58 p.m. | 3 views

CVE-2025-49812

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

CVSS 7.4 | AI score 6.4 | EPSS 0.00516
Exploits: 0

Cvelist
added 2025/07/10 4:57 p.m. | 54 views

CVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

EPSS 0.01149
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/10 4:57 p.m. | 4 views

CVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

AI score 6.1 | EPSS 0.01149
Exploits: 0 | References: 1

AlpineLinux
added 2025/07/10 4:57 p.m. | 4 views

CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

CVSS 7.5 | AI score 6.5 | EPSS 0.01149
Exploits: 0

CVE
added 2025/07/10 4:57 p.m. | 325 views

CVE-2025-49630

CVE-2025-49630 affects the Apache HTTP Server (httpd) mod_proxy_http2. In certain reverse-proxy configurations (HTTP/2 backend and ProxyPreserveHost set to “on”), untrusted clients can trigger an assertion in mod_proxy_http2, causing a denial-of-service on affected 2.4.26–2.4.63 servers. Connecte...

CVSS 7.5 | AI score 6.5 | EPSS 0.01149
Exploits: 0 | References: 4 | Affected Software: 1