15 matches found
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit...
Oracle Linux 9 : httpd (ELSA-2026-21391)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21391 advisory. - Resolves: RHEL-173555 - httpd: Apache HTTP Server modproxyajp: Arbitrary code execution via heap-based buffer overflow CVE-2026-28780 - Resolves:...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update
Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RockyLinux 9 : httpd (RLSA-2026:21391)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due...
SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2026:2104-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2104-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on...
Security update for apache2
This update for apache2 fixes the following issues CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163...
CVE-2026-33857 affecting package httpd for versions less than 2.4.67-1
CVE-2026-33857 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...
apache2-2.4.67-1.1 on GA media (moderate)
apache2-2.4.67-1.1 on GA media Announcement ID: openSUSE-SU-2026:10785-1 Rating: moderate Cross-References: CVE-2026-23918 CVE-2026-24072 CVE-2026-28780 CVE-2026-29168 CVE-2026-29169 CVE-2026-33006 CVE-2026-33007 CVE-2026-33523 CVE-2026-33857 CVE-2026-34032 CVE-2026-34059 CVSS scores:...
[SECURITY] [DLA 4571-1] apache2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4571-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 08, 2026 https://wiki.debian.org/LTS -...
Debian dsa-6248 : apache2 - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6248 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6248-1 [email protected]...
BELL-CVE-2026-33857
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2026-33857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade t...
CVE-2026-33857
CVE-2026-33857 concerns the Apache HTTP Server, specifically the mod_proxy_ajp component, with an out-of-bounds read in AJP getter functions affecting versions up to 2.4.66. Upgrading to version 2.4.67 is the documented fix. The available connected sources confirm the affected product, the vulner...
www/apache24 -- Multiple vulnerabilities
The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857, CVE-2026-28780 multiple modules: CVE-2026-33523 modauthnsocache: CVE-2026-33007 modauthdigest: CVE-2026-33006 moddavlock: moddavlock modmd: CVE-2026-29168 modrewrite: CVE-2026-24072 modhttp2:...