mod_proxy_cluster bug fix update

An update is available for modproxycluster. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modproxycluster module is a plugin for the Apache HTTP Server tha...

mod_auth_openidc:2.3 security update

An update is available for module.cjose, module.modauthopenidc, modauthopenidc, cjose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an...

RLSA-2025:3997 Important: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak...

RLSA-2025:4597 Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...

BIT-APACHE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

CVE-2025-30133

An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam's Wi-Fi network via the default password...

CVE-2025-30133

Vulnerability: IROAD Dashcam FX2 exposes an unauthenticated HTTP interface (http://192.168.10.1) after connecting to the dashcam’s Wi‑Fi using the default password, bypassing the device pairing/registration process. Root cause: the HTTP server does not enforce pairing restrictions, allowing direc...

CVE-2025-30133

An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam's Wi-Fi network via the default password...

PT-2025-31107 · Iroad · Iroad Dash Cam Fx2

Name of the Vulnerable Software and Affected Versions: IROAD Dashcam FX2 affected versions not specified Description: A bypass of the device pairing/registration process was discovered. The HTTP server lacks restrictions, allowing direct access at http://192.168.10.1 after connecting to the...

CVE-2025-30133

An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam's Wi-Fi network via the default password...

NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)

The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...

The vulnerability of the Apache HTTP Server’s kernel allows attackers to compromise the integrity of the protected information.

The vulnerability of the Apache HTTP Server’s kernel is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...

ROS-20250724-11

Vulnerability in Apache HTTP Server web server kernel is related to access control bypass with resume session resumption in modssl. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the enforced security restrictions...

Apache HTTP Server 2.4.64 RewriteCond Vulnerability - Linux

Apache HTTP Server is prone to a vulnerability in SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

Apache HTTP Server 2.4.64 RewriteCond Vulnerability - Windows

Apache HTTP Server is prone to a vulnerability in SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to perform an SSRF attack.

The vulnerability of the modproxy module in the Apache HTTP Server is related to insufficient validation of requests at the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

CVE-2025-54090

A logic flaw has been discovered in Apache HTTP Server version 2.4.64. This vulnerability causes RewriteCond expr directives to always evaluate as true, regardless of the actual condition. This could lead to unintended routing, access control bypasses, or other security policy violations if an...

Security Bulletin: Vulnerability within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Vulnerability within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server has been remediated. Vulnerability Details CVEID:CVE-2025-36038 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to...

K000152694: Apache HTTPD vulnerability CVE-2025-54090

Security Advisory Description A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Impact There is no impact; F5 products are not affected by this vulnerabilit...

CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...