CLSA-2026-1779129849 httpd: Fix of CVE-2026-28780

CVE-2026-28780: modproxyajp: heap-based buffer overflow in ajpmsgcheckheader — message size check did not subtract AJPHEADERLEN, letting a crafted AJP reply write 4 bytes past the end of the heap buffer...

CLSA-2026-1779091399 httpd: Fix of 8 CVEs

CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...

Security Bulletin: Erlang OTP inets httpd Vulnerable to HTTP Request Smuggling via Duplicate Content-Length Headers

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

Apache Tomcat JK Connect <=1.2.44 - Manager Access

Apache Tomcat JK modjk Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is so...

CLSA-2026-1778847162 httpd: Fix of CVE-2026-28780

CVE-2026-28780: heap-based buffer overflow in ajpmsgcheckheader in modproxyajp when proxying to a malicious AJP backend that returns an oversized response, allowing a 4-byte out-of-bounds write past the heap buffer...

CLSA-2026-1778789568 httpd: Fix of CVE-2022-36760

CVE-2022-36760: modproxyajp: fix possible request smuggling via invalid Transfer-Encoding...

Security Bulletin: Erlang OTP inets httpd HTTP Request Smuggling via Duplicate Content-Length Handling

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

Photon OS 4.0: Httpd PHSA-2026-4.0-1014

An update of the httpd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1014. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

EUVD-2026-29966

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-39455

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: httpd: httpd-2.4.67-1.hum1 aarch64, x8664 httpd-core-2.4.67-1.hum1 aarch64, x8664 httpd-devel-2.4.67-1.hum1 aarch64, x8664 httpd-filesystem-2.4.67-1.hum1 noarch httpd-manual-2.4.67-1.hum1 noarch...

CVE-2026-39455 BIG-IP Configuration utility vulnerability

When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...

CVE-2026-39455

CVE-2026-39455 affects the BIG-IP Configuration utility when LDAP authentication is used. Undisclosed traffic can cause the httpd process to exhaust file descriptors, leading to a denial‑of‑service where the Configuration utility stops responding until httpd is restarted. Exploitation: remote, un...

CVE-2026-40435 BIG-IP httpd access control vulnerability

When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-40435

CVE-2026-40435 affects F5 BIG-IP httpd access control. When IP-based restrictions are configured, they do not cover all endpoints, potentially allowing connections from blocked addresses to the control plane HTTP services. Impact is a control-plane issue; exploitation requires valid credentials t...

K000156604: BIG-IP httpd access control vulnerability CVE-2026-40435

Security Advisory Description When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. CVE-2026-40435 Impact This vulnerability allows an attacker to connect to the BIG-IP control plane HTTP services; however, the...

K000160874: BIG-IP Configuration utility vulnerability CVE-2026-39455

Security Advisory Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. CVE-2026-39455 Impact The Configuration utility stops...

Exploit for Double Free in Apache Http_Server

CVE-2026-23918 — Apache modhttp2 Double Free Affected: A...

PT-2026-40640

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.2 F5 BIG-IP versions prior to 17.5.1.6 F5 BIG-IP versions prior to 21.0.0.2 Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication,...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform developed by F5 Technologies in the United States. It integrates functions such as network traffic management, application security management, and load balancing. There is a security vulnerability in F5 BIG-IP. This vulnerability arises from the use ...