Linux Distros Unpatched Vulnerability : CVE-2021-23797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is. CVE-2021-23797 Note that Nessus relies on the presence o...

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

PT-2025-36433

CVE-2025-58907 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58907 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-36450

CVE-2025-58912 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58912 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-36449

CVE-2025-58911 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58911 Published : Sept. 6, 2025, 3:15 a.m. | 3 hours, 53 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

...

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

RHSA-2025:15036 Red Hat Security Advisory: httpd security update

Bulletin has no description...

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

RHEL 6 : httpd (RHSA-2025:15036)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15036 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP Session Hijack via ...

PT-2025-35823

CVE-2025-58414 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-58414 Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-35842

CVE-2025-58417 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-58417 Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

httpd security update

2.4.62-4.0.1.4 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-4.4 - Resolves: RHEL-99949 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade 2.4.62-4.1 - Resolves: RHEL-99972 - CVE-2024-47252 httpd: insufficient escaping of user-supplied data in modssl - Resolves...

ALSA-2025:15095 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

OESA-2025-2076 mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: A vulnerability classified as problematic has been found in Apache HTTP Server up to 2.4.63 Web Server.CWE is classifying the issue as CWE-617. The product contains an...

PT-2025-35397

CVE-2025-58328 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-58328 Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...