Important: Red Hat Security Advisory: mod_auth_openidc security update

An update for modauthopenidc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Advisory ROSA-SA-2025-2902

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...

Advisory ROSA-SA-2025-2901

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...

Advisory ROSA-SA-2025-2900

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries...

Advisory ROSA-SA-2025-2899

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries...

Important: mod_auth_openidc security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...

RHEL 9 : mod_auth_openidc (RHSA-2025:9396)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9396 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connec...

PT-2025-26649

Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue has been found in the HTTP Server component, leading to insufficiently protected credentials. The attack can only be done within the local network and has a high complexity,...

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

June "In the Trend of VM" 16: vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. Post on Habr rus Digest on the PT website rus A total of 7 trending vulnerabilities: Elevation of...

PT-2025-26491 · Undefined · Undefined

CVE-2016-3399 - "CVE-2022-1234: Apache HTTP Server Unauthenticated Remote Code Execution" CVE ID : CVE-2016-3399 Published : June 19, 2025, 9:15 a.m. | 2 hours, 57 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 |...

PT-2025-25629 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Cross-Site Scripting problem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...

Malicious code in raise-http-server (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec0703ba285b347d94b33a68fa9cf671e9118ede49585fc79f8716d46574e04a Any computer that has this package installed or running should be considered...

MAL-2025-4980 Malicious code in raise-http-server (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec0703ba285b347d94b33a68fa9cf671e9118ede49585fc79f8716d46574e04a Any computer that has this package installed or running should be considered...

TencentOS Server 2: httpd (TSSA-2024:0521)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0521 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 2: httpd (TSSA-2023:0060)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0060 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 3: httpd (TSSA-2023:0026)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0026 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: httpd:2.4 (TSSA-2022:0023)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0023 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: mod_http2 (TSSA-2023:0047)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0047 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: httpd:2.4 (TSSA-2023:0200)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0200 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: httpd:2.4 (TSSA-2023:0160)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0160 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...