Apache2 - Transfer-Encoding Chunked XSS

Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...

[SECURITY] [DLA 4629-1] apache2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4629-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 12, 2026 https://wiki.debian.org/LTS -...

Debian dla-4629 : apache2 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4629 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4629-1 [email protected]...

ALSA-2026:25225 Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

BIT-APACHE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

BIT-APACHE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

BIT-APACHE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

BIT-APACHE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

SUSE CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

SUSE CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

SUSE CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

SUSE CVE-2026-48913

Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67...

CVE-2026-34356

creationtimestamp| type| source ---|---|--- 2026-06-09 00:51:01+00:00| seen| https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-apache-http-server 2026-06-09 12:35:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mnu7hq6yhy25 2026-06-09 18:00:00+00:00| seen|...

Linux Distros Unpatched Vulnerability : CVE-2026-48913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55...

Linux Distros Unpatched Vulnerability : CVE-2026-44119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the htt...

CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

CVE-2026-34356

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

UBUNTU-CVE-2026-48913

Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67...

UBUNTU-CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

UBUNTU-CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...