CVE-2026-34032

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

UBUNTU-CVE-2026-28780

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

DEBIAN-CVE-2026-33857

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-33857

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-33857

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-34032

CVE-2026-34032 is a vulnerability in Apache HTTP Server up to version 2.4.66, caused by a missing null-termination check in mod_proxy_ajp (ajp_msg_get_string) that leads to a heap buffer over-read. Affected product: Apache HTTP Server; vulnerable component: mod_proxy_ajp; root cause: missing null...

CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVE-2026-34059

CVE-2026-34059 affects Apache HTTP Server up to version 2.4.66, with a vulnerability in the mod_proxy_ajp component: a heap over-read in the ajp_parse_data() path that can lead to memory disclosure. The public description in multiple sources confirms the issue and the recommended mitigation is to...

Apache HTTP Server 缓冲区错误漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier contain a buffer error vulnerability, which...

KLA91019 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, inject malicious code, gain privileges. Below is a complete list of...

Astra Linux – Vulnerability in Apache2

In the Apache HTTP Server with modproxy loaded, SSRF allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires a unusual configuration, where modheaders is used to modify the Content-Type header of the request or response, with a value provided in the...

Astra Linux – Vulnerability in Apache2

A properly crafted method sent via HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server versions 2.4.17 to 2.4.48...

Astra Linux – Vulnerability in Apache2

In Apache HTTP Server 2.4.59 and earlier, a null pointer dereference vulnerability in modproxy allows an attacker to crash the server through a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

Astra Linux – Vulnerability in Apache2

The Apache HTTP Server versions 2.4.6 to 2.4.46, with the modproxywstunnel module configured, were used to handle a URL. The origin server did not necessarily upgrade this connection. This setup allowed subsequent requests on the same connection to be processed without any HTTP validation,...

CLSA-2026-1777033551 httpd: Fix of CVE-2022-36760

CVE-2022-36760: modproxyajp: fix possible request smuggling via invalid Transfer-Encoding...

CVE-2026-3234

A flaw was found in modproxycluster. This vulnerability, a Carriage Return Line Feed CRLF injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...

CVE-2026-3234 Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection

A flaw was found in modproxycluster. This vulnerability, a Carriage Return Line Feed CRLF injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...

CVE-2026-3234 Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection

A flaw was found in modproxycluster. This vulnerability, a Carriage Return Line Feed CRLF injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...

CVE-2026-3234

CVE-2026-3234 affects mod_proxy_cluster. A CRLF injection in the decodeenc() function allows a remote attacker to bypass input validation and corrupt the INFO endpoint responses by injecting CRLF sequences into the cluster configuration. Exploitation requires network access to the MCMP protocol p...