PT-2025-14765 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue is related to unvalidated user input in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices or real-world incidents a...
CVE-2025-1734
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...
CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...
CVE-2025-1734
CVE-2025-1734 affects PHP’s HTTP stream wrapper header parsing: headers missing a colon are treated as valid, potentially letting applications accept invalid headers. Affected branches include PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. Mitigations/u...
CVE-2025-30221
Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available...
CVE-2025-30221
Summary (CVE-2025-30221): Pitchfork is a Rack-based HTTP server. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used with Rack 3. The issue is fixed in Pitchfork 0.11.0. Affected: Pitchfork
Moderate: Red Hat Bug Fix Advisory: mod_proxy_cluster bug fix update
An update for mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Bug Fixes: Rebuild mod_proxy_cluster against httpd 2.4.62 (JIRA:RHEL-70140); Rebase mod_proxy_cluster to upstream...
RLSA-2024:9306 Moderate: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP response splitting (CVE-2023-38709); httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795). For more details about the security issues, including the impact, a...
httpd bug fix update
An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...
libsoup security update
An update is available for libsoup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libsoup packages provide an HTTP client and server library for GNOME...
Metasploit Weekly Wrap-Up 03/14/25
New module content (1): InvoiceShelf unauthenticated PHP Deserialization Vulnerability. Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y. Type: Exploit. Pull request: 19950 contributed by h00die-gr3y. Path: linux/http/invoiceshelfunauthrcecve202455556. AttackerKB reference: CVE-2024-55556...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2023-25193. DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...
Linux Distros Unpatched Vulnerability : CVE-2020-11984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984). Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2021-36160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions...
Linux Distros Unpatched Vulnerability : CVE-2024-24795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cau...
Linux Distros Unpatched Vulnerability : CVE-2018-1302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an...
Linux Distros Unpatched Vulnerability : CVE-2014-7169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Bash through 4.3 (bash43-025) processes trailing strings after certain malformed function definitions in the values of environment variables, which allows...
Linux Distros Unpatched Vulnerability : CVE-2016-4975
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32...
Linux Distros Unpatched Vulnerability : CVE-2015-3183
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to condu...
Linux Distros Unpatched Vulnerability : CVE-2018-1301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by...