CVE-2025-7206

A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub410DDC of the file switchlanguage.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated...

PT-2025-29192 · Tenda · Tenda O3V2

Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.123880 Description: A critical vulnerability exists in the Tenda O3V2 device. The vulnerability is located within the formWifiMacFilterSet function of the httpd component, specifically in the file...

CVE-2025-27452

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules pose a risk to the webserver which enable...

CVE-2025-27452

CVE-2025-27452 describes a misconfiguration in the Apache httpd server that serves Endress+Hauser MEAC300-FNADE4. The issue arises from activating modules that are not required for the FNADE4 web application, creating a risk of directory listing. The available connected sources confirm the vulner...

CVE-2025-27452 CVE-2025-27452

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules pose a risk to the webserver which enable...

PT-2025-27781 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Apache httpd affected versions not specified Description: The configuration of the Apache httpd webserver is partly insecure due to unnecessary activated modules. These modules pose a risk to the webserver, enabling directory listing...

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVE-2025-6931

A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generatepassfrommac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack...

CLSA-2025-1751271625 httpd: Fix of CVE-2020-35452

CVE-2020-35452: modauthdigest: Fix single zero byte stack overflow...

PT-2025-27421 · D Link · D-Link Di-7300G+

Name of the Vulnerable Software and Affected Versions: D-Link DI-7300G+ version 19.12.25A1 Description: A critical issue was found in the httpd debug.asp file, where the manipulation of the Time argument leads to os command injection. The exploit has been disclosed to the public and may be used...

undertow: AJP Request closes connection exceeding maxRequestSize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

Advisory ROSA-SA-2025-2900

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries...

TencentOS Server 3: httpd:2.4/mod_http2 (TSSA-2024:0126)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0126 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: httpd:2.4 (TSSA-2024:0217)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0217 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CLSA-2025-1748638011 Update of httpd

ELS-1267: merge spec for centos7, rhel7 and oracle7...

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in checkdataintegrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksu...

CVE-2024-45414

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...

CVE-2024-0263

A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

CVE-2022-28561

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

CVE-2022-46080

Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET...