Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5741 matches found

OpenVAS
OpenVASadded 2025/05/19 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-1491)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.93858EPSS
Exploits5References4
OpenVAS
OpenVASadded 2025/05/19 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-1463)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.9AI score0.93858EPSS
Exploits5References4
Tenable Nessus
Tenable Nessusadded 2025/05/17 12:0 a.m.16 views

EulerOS Virtualization 2.12.0 : httpd (EulerOS-SA-2025-1561)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...

6.2CVSS7AI score0.25097EPSS
Exploits3References2
Tenable Nessus
Tenable Nessusadded 2025/05/17 12:0 a.m.10 views

EulerOS Virtualization 2.12.1 : httpd (EulerOS-SA-2025-1546)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...

6.2CVSS7AI score0.25097EPSS
Exploits3References2
Tenable Nessus
Tenable Nessusadded 2025/05/16 12:0 a.m.23 views

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2023-43622)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-43622 advisory. - An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block...

7.5CVSS7.3AI score0.59544EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/05/16 12:0 a.m.41 views

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2023-45802)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45802 advisory. - When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's...

5.9CVSS7.2AI score0.02793EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/05/16 12:0 a.m.34 views

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2023-25690)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25690 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...

9.8CVSS7AI score0.67011EPSS
Exploits5References2
Tenable Nessus
Tenable Nessusadded 2025/05/16 12:0 a.m.9 views

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2023-43622)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-43622 advisory. - An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block...

7.5CVSS7.3AI score0.59544EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/05/16 12:0 a.m.28 views

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2023-45802)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45802 advisory. - When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's...

5.9CVSS7.2AI score0.02793EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/05/16 12:0 a.m.9 views

Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2022-37436)

The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-37436 advisory. - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...

5.3CVSS7.2AI score0.00539EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/05/14 12:0 a.m.23 views

Alibaba Cloud Linux 3 : 0084: httpd:2.4 (ALINUX3-SA-2024:0084)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0084 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-27316: HTTP/2 incoming headers exceeding t...

7.5CVSS7.5AI score0.87555EPSS
Exploits2References2
OSV
OSVadded 2025/05/13 5:37 a.m.9 views

BIT-APACHE-2025-3891

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

7.5CVSS7.3AI score0.01013EPSS
Exploits0References5
Rockylinux
Rockylinuxadded 2025/05/07 7:11 p.m.71 views

httpd:2.4 security update

An update is available for modhttp2, modmd, module.modhttp2, httpd, module.httpd, module.modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

9.8CVSS8.7AI score0.93858EPSS
Exploits2
RedHat Linux
RedHat Linuxadded 2025/05/06 8:23 p.m.2 views

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

7.5CVSS5.8AI score0.01013EPSS
Exploits0References6
NVD
NVDadded 2025/04/29 12:15 p.m.11 views

CVE-2025-3891

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

7.5CVSS0.01013EPSS
Exploits0References14
OSV
OSVadded 2025/04/29 12:15 p.m.5 views

CVE-2025-3891

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

7.5CVSS6.7AI score0.01013EPSS
Exploits0References14
CVE
CVEadded 2025/04/29 11:56 a.m.100 views

CVE-2025-3891

CVE-2025-3891 affects the Apache httpd mod_auth_openidc module. A remote, unauthenticated attacker can cause a DoS by sending an empty POST when the OIDCPreservePost directive is enabled, crashing the server and impacting availability. Evidence from multiple advisories confirms the issue and ment...

7.5CVSS5.2AI score0.01013EPSS
Exploits0References14Affected Software1
Vulnrichment
Vulnrichmentadded 2025/04/29 11:56 a.m.6 views

CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

7.5CVSS5.3AI score0.01013EPSS
Exploits0References13
Debian CVE
Debian CVEadded 2025/04/29 11:56 a.m.4 views

CVE-2025-3891

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

7.5CVSS6AI score0.01013EPSS
Exploits0
Cvelist
Cvelistadded 2025/04/29 11:56 a.m.17 views

CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

7.5CVSS0.01013EPSS
Exploits0References13
Rows per page
Query Builder