Lucene search
K

5789 matches found

CNNVD
CNNVD
added 2026/06/08 12:0 a.m.11 views

Apache HTTP Server 跨站脚本漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.67 and earlier had a cross-site scripting vulnerability. Thi...

6.1CVSS4.9AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

Apache HTTP Server 资源管理错误漏洞

The Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. The Apache HTTP Server has a memory corruption vulnerability. Attackers can exploit this...

7.3CVSS6.2AI score0.00479EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47317

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A heap-based buffer overflow occurs when interacting with malicious backend servers using ProxyPassReverseCookie. A heap-based buffer overflow is a memory corruption issue where data...

9.8CVSS6.1AI score0.00805EPSS
Exploits0References150
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.14 views

Slackware Linux 15.0 / current httpd Vulnerability (SSA:2026-154-01)

The version of httpd installed on the remote host is prior to 2.4.67. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-154-01 advisory. New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

7.5CVSS5.3AI score0.11471EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Apache HTTP Server vulnerability (USN-8384-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8384-1 advisory. It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attack...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References2
OSV
OSV
added 2026/06/04 12:4 p.m.11 views

RLSA-2026:21433 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

8.2CVSS6.3AI score0.01325EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2026/06/04 12:0 a.m.3 views

The vulnerability of the HTTP/2 header processing module in the Apache HTTP Server allows a attacker to cause a service failure.

The vulnerability of the HTTP/2 header processing module in the Apache HTTP Server is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS5.8AI score0.11471EPSS
Exploits8References11Affected Software2
RedHat Linux
RedHat Linux
added 2026/06/03 4:57 a.m.9 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/03 4:53 a.m.24 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

TencentOS Server 3: httpd:2.4 (TSSA-2026:0425)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0425 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS6.8AI score0.04409EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

AlmaLinux 8 : httpd:2.4 (ALSA-2026:22140)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22140 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in...

9.8CVSS6.4AI score0.04409EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.17 views

RockyLinux 8 : httpd:2.4 (RLSA-2026:22140)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22140 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in...

9.8CVSS7.6AI score0.04409EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2026/06/01 2:43 a.m.13 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/01 2:43 a.m.24 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS6.5AI score0.01325EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/01 2:43 a.m.70 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.3AI score0.04409EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2026/05/31 4:5 p.m.108 views

Exploit for Use After Free in Apache Http_Server

CVE-2019-0211 — Apache HTTP Server Local Privilege Escalation...

7.8CVSS7AI score0.65005EPSS
Exploits8
OSV
OSV
added 2026/05/30 6:3 p.m.26 views

RLSA-2026:21391 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

8.2CVSS6.3AI score0.01325EPSS
Exploits0References6
Rockylinux
Rockylinux
added 2026/05/30 6:3 p.m.56 views

httpd security update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

9.8CVSS6.3AI score0.01325EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2023-38709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP...

7.3CVSS5.8AI score0.03914EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.63 views

AlmaLinux 9 : httpd (ALSA-2026:21391)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due ...

9.8CVSS6.3AI score0.01325EPSS
Exploits0References7
Rows per page
Query Builder