11629 matches found
PT-2025-27074 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...
PT-2025-27059 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a command injection problem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this...
PT-2025-27061 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Cross-Site Scripting problem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
PT-2025-27058 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an arbitrary file download in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices worldwide or real-world...
CVE-2025-6526
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...
undertow: AJP Request closes connection exceeding maxRequestSize
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...
PT-2025-26699 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a command injection problem. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this issue...
PT-2025-26676 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue allows an attacker to consume all available session slots, blocking other users from logging in and preventing legitimate users from accessing the product...
PT-2025-26702 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns HTTP Request Smuggling in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices worldwide or real-world...
PT-2025-26701 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a command injection problem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this...
PT-2025-26703 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No further details are provided about the nature of the issue, affected devices, or real-world incidents. Recommendations: At the momen...
PT-2025-26704 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Stored XSS in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents...
ALSA-2025:9466 Moderate: mod_proxy_cluster security update
The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: modproxycluster: modproxycluster unauthorized MCMP requests CVE-2024-10306 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
CVE-2025-6526
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...
CVE-2025-6526 70mai M300 HTTP Server insufficiently protected credentials
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...
CVE-2025-6526
CVE-2025-6526 affects 70mai M300 up to 20250611, specifically the HTTP Server component. The vulnerability arises from insufficient protection of credentials, enabling an attack that can be performed from within the local network. The documented attack complexity is high and exploitation is descr...
Important: Red Hat Security Advisory: mod_auth_openidc security update
An update for modauthopenidc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Advisory ROSA-SA-2025-2902
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2025-2901
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...
Advisory ROSA-SA-2025-2900
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries...