Lucene search
K

1206 matches found

cvelist
cvelist
added 2026/06/08 3:10 p.m.127 views

CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

0.00504EPSS
Exploits0References1
cve
cve
added 2026/06/08 3:10 p.m.96 views

CVE-2026-29170

CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...

6.1CVSS5.2AI score0.00504EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/06/08 3:7 p.m.12 views

CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free

Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00663EPSS
Exploits0References1
cve
cve
added 2026/06/08 3:7 p.m.415 views

CVE-2026-29167

CVE-2026-29167 is a Use After Free vulnerability in Apache HTTP Server when using mod_ldap in per-directory configuration. The issue affects Apache HTTP Server versions 2.4.0 through 2.4.67. The CVSS base score is 9.8 (Network, N), with high impact on confidentiality, integrity, and availability....

9.8CVSS5.4AI score0.00663EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.19 views

PT-2026-47314

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description A cross-site scripting issue exists in the HTML directory list generation of mod proxy ftp when listing FTP directory contents through forward or reverse proxy configurations...

9.8CVSS5.2AI score0.97108EPSS
Exploits22References131
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.19 views

PT-2026-47319

Name of the Vulnerable Software and Affected Versions Apache versions prior to 2.4.68 Description A path handling issue in the mod dav fs module allows a WebDAV content author to directly manipulate trusted DAV property databases, which can potentially lead to child process crashes. Recommendatio...

9.8CVSS5.4AI score0.8377EPSS
Exploits6References134
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.22 views

PT-2026-47322

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.68 Description Improper Privilege Management allows local .htaccess authors to read files using the privileges of the httpd user. Recommendations Upgrade to version 2.4.68...

9.8CVSS5.4AI score0.97108EPSS
Exploits23References131
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.10 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.67 and earlier have security vulnerabilities, which stem from...

5.5CVSS5.3AI score0.00171EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.14 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There were security vulnerabilities in Apache HTTP Server versions 2.4.0 to 2.4.67. These...

7.5CVSS5.6AI score0.00682EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.8 views

Apache HTTP Server 缓冲区错误漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server from 2.4.0 to 2.4.67 contained a buffer error vulnerability, whi...

6.5CVSS5.5AI score0.00525EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.18 views

PT-2026-47325

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description A buffer underwrite issue exists when using crafted regular expressions within the configuration. Recommendations Upgrade to version 2.4.68...

9.8CVSS5.6AI score0.00805EPSS
Exploits0References153
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.20 views

PT-2026-47331

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.55 through 2.4.67 Description A Use After Free issue exists in the mod http2 module of Apache HTTP Server, which occurs when file handles are already exhausted. Use After Free is a memory corruption flaw where a...

9.8CVSS5.4AI score0.97108EPSS
Exploits15References138
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.11 views

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. There is a bug in Apache HTTP Server involving infinite loops; however, detailed information...

7.3CVSS5.8AI score0.00562EPSS
Exploits0References1
nessus
nessus
added 2026/06/07 12:0 a.m.22 views

Debian dla-4620 : apache2 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4620 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4620-1 [email protected] https://www.debian.org/lts/security/...

7.5CVSS5.3AI score0.11471EPSS
Exploits8References4
nessus
nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.13.0 : httpd (EulerOS-SA-2026-2170)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

8.3CVSS5.6AI score0.01527EPSS
Exploits0References4
nessus
nessus
added 2026/06/06 12:0 a.m.27 views

RHEL 8 : httpd:2.4 (RHSA-2026:22140)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22140 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP...

9.8CVSS6.4AI score0.04409EPSS
Exploits1References14
impervablog
impervablog
added 2026/06/04 3:43 p.m.15 views

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

7.5CVSS5.6AI score0.11471EPSS
Exploits8
osv
osv
added 2026/06/04 12:29 p.m.10 views

USN-8384-1 apache2 vulnerability

It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...

7.5CVSS5.8AI score0.11471EPSS
Exploits8References2
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.16 views

PT-2026-46876

It was discovered that Apache HTTP Server incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause Apache HTTP Server to consume excessive resources, resulting in a denial of service...

5.8AI score0.11471EPSS
Exploits8References3
osv
osv
added 2026/06/02 12:0 a.m.10 views

ALSA-2026:22551 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

7.5CVSS5.8AI score0.04409EPSS
Exploits1References4
Rows per page
Query Builder