Lucene search
K

1206 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Cookie header handled by modsession can lead to a NULL pointer derefrence error and system crash, potentially causing a Denial Of Service attack...

7.5CVSS7AI score0.65067EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Apache2

A properly crafted request URI-path can cause modproxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9CVSS7.5AI score0.99999EPSS
Exploits5References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Apache2

An attacker who establishes an HTTP/2 connection with an initial window size of 0 was able to indefinitely block the handling of that connection in Apache HTTP Server. This could be used to exhaust server resources, similar to the well-known “slow loris” attack pattern. This issue has been fixed ...

7.5CVSS7.2AI score0.70595EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server versions 2.4.41 to 2.4.46 with modproxyhttp can become unstable when processing specially crafted requests that use both Content-Length and Transfer-Encoding headers. This can lead to a denial of service...

7.5CVSS7AI score0.49089EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

7.5CVSS7AI score0.19008EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Apache2

If LimitXMLRequestBody is set to allow request bodies larger than 350MB default is 1MB on 32-bit systems, an integer overflow may occur, which can lead to out-of-bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier versions...

9.1CVSS7.3AI score0.41861EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor can the Apache HTTP Server team have created such a report. However, certain compilers and/or compilation options...

7.3CVSS7AI score0.53191EPSS
Exploits0References2
opensuse
opensuse
added 2026/05/17 12:0 a.m.16 views

apache2-2.4.67-1.1 on GA media (moderate)

apache2-2.4.67-1.1 on GA media Announcement ID: openSUSE-SU-2026:10785-1 Rating: moderate Cross-References: CVE-2026-23918 CVE-2026-24072 CVE-2026-28780 CVE-2026-29168 CVE-2026-29169 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059 CVSS scores:...

9.2CVSS6AI score0.4581EPSS
Exploits18
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.20 views

PT-2026-40647

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 Description IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Recommendations Update to version...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References4
fedora
fedora
added 2026/05/12 12:49 a.m.13 views

[SECURITY] Fedora 44 Update: httpd-2.4.67-1.fc44

The Apache HTTP Server is a powerful, efficient, and extensible web server...

9.8CVSS5.8AI score0.01376EPSS
Exploits0
ibm
ibm
added 2026/05/11 10:12 p.m.13 views

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2026-24072 DESCRIPTION: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier...

9.8CVSS5.8AI score0.01376EPSS
Exploits1Affected Software1
redhatcve
redhatcve
added 2026/05/11 7:5 p.m.16 views

CVE-2026-33857

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References4
osv
osv
added 2026/05/08 11:38 a.m.10 views

CLSA-2026-1778055087 php: Fix of 3 CVEs

CVE-2018-5711: Fix infinite loop in gdImageCreateFromGifCtx libgd when reading crafted GIF - CVE-2018-17082: Fix XSS via Transfer-Encoding: chunked in apache2 SAPI - CVE-2018-10545: Do not set PRSETDUMPABLE by default in php-fpm child...

6.1CVSS6.8AI score0.13204EPSS
Exploits2References1
osv
osv
added 2026/05/07 8:38 a.m.11 views

BIT-APACHE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References3
redhat
redhat
added 2026/05/06 8:55 a.m.48 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: httpd: httpd-2.4.67-0.1.hum1 aarch64, x8664 httpd-core-2.4.67-0.1.hum1 aarch64, x8664 httpd-devel-2.4.67-0.1.hum1 aarch64, x8664 httpd-filesystem-2.4.67-0.1.hum1 noarch httpd-manual-2.4.67-0.1.hu...

8.8CVSS6AI score0.4581EPSS
Exploits17References8
osv
osv
added 2026/05/06 8:39 a.m.7 views

BIT-APACHE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References4
susecve
susecve
added 2026/05/06 1:43 a.m.11 views

SUSE CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.9CVSS5.8AI score0.00628EPSS
Exploits0References10
bdu_fstec
bdu_fstec
added 2026/05/06 12:0 a.m.3 views

The vulnerability of the Apache HTTP Server web server, related to deficiencies in access control, allows attackers to escalate their privileges.

The vulnerability of the Apache HTTP Server is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

9CVSS7.2AI score0.00654EPSS
Exploits1References5Affected Software2
packetstormnews
packetstormnews
added 2026/05/06 12:0 a.m.8 views

Apache HTTP Server 2.4.66 Double-Free / Remote Code Execution

Apache HTTP Server version 2.4.66 suffers from a double-free vulnerability related to the HTTP/2 protocol that can allow for remote code execution...

8.8CVSS6.3AI score0.4581EPSS
Exploits16
osv
osv
added 2026/05/05 2:16 p.m.7 views

DEBIAN-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References1
Rows per page
Query Builder