CVE-2025-3891

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

PT-2025-18145 · Apache +6 · Apache Http Server +6

Name of the Vulnerable Software and Affected Versions: Apache httpd mod auth openidc module affected versions not specified Description: A flaw in the mod auth openidc module for Apache httpd allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request...

CVE-2025-4007

A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.42887/3.0.0.53644. Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack c...

Tenda W12/i24 Stack Overflow Vulnerability

The Tenda W12 and i24 is a wireless router made by Tenda. A stack overflow vulnerability exists in Tenda W12 and i24. The vulnerability originates from the function cgiPingSet in the /bin/httpd file.No detailed vulnerability details are available at this time...

CVE-2025-3820

A vulnerability was found in Tenda W12 and i24 3.0.0.42887/3.0.0.53644 and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-3802

A vulnerability was found in Tenda W12 and i24 3.0.0.42887/3.0.0.53644. It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely...

Tenda i24和Tenda W12 安全漏洞

The Tenda W12 and i24 is a wireless router made by Tenda. A stack overflow vulnerability exists in Tenda W12 and i24. The vulnerability originates from the function cgiPingSet in the /bin/httpd file.No detailed vulnerability details are available at this time...

Security update for Multi-Linux Manager 5.0: Server, Proxy and Retail Server

Description: This update fixes the following issues: proxy-helm: Version 5.0.12: Image rebuilt to the newest version with updated dependencies proxy-httpd-image: Version 5.0.10: Fixed wrong IP address set on susemanager-tftpsync-recv.conf Image rebuilt to the newest version with updated...

RHEL 6 / 7 : php54-php (RHSA-2015:1219)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1219 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart...

RHEL 6 / 7 : httpd24-httpd (RHSA-2015:1666)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1666 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the wa...

PT-2025-18050 · Tenda · Tenda I24 +1

Name of the Vulnerable Software and Affected Versions: Tenda W12 and i24 versions 3.0.0.42887 through 3.0.0.53644 Description: A critical vulnerability was found in the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to...

(Pwn2Own) Lexmark CX331adwe httpd extract-trace Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Lexmark CX331adwe printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the httpd...

Security Bulletin: IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVE's and this bulletin contains information regarding the vulnerability and its fixture Vulnerability Details CVEID:CVE-2019-10082 DESCRIPTION: Apache HTTP Server could allow a remote...

RLSA-2024:9306 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP response splitting CVE-2023-38709 httpd: HTTP Response Splitting in multiple modules CVE-2024-24795 For more details about the security issues, including the impact, a...

httpd bug fix update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

httpd security update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

CLSA-2025-1741635876 httpd: Fix of CVE-2022-30522

CVE-2022-30522: fix possible DoS...

Linux Distros Unpatched Vulnerability : CVE-2017-15715

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end o...

Linux Distros Unpatched Vulnerability : CVE-2017-15710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header...

Linux Distros Unpatched Vulnerability : CVE-2017-3167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the apgetbasicauthpw by third- party modules outside of the authentication phase may lead to...