Astra Linux - уязвимость в apache2

In the Apache HTTP Server with modproxy loaded, SSRF allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires a unusual configuration where modheaders is used to modify the Content-Type header of the request or response, with a value provided in the HT...

EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2026-1171)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2025-2359)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications...

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2025-2328)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications...

EulerOS 2.0 SP13 : httpd (EulerOS-SA-2025-2262)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications...

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2025-2228)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacke...

F5 Networks BIG-IP : Apache HTTP Server vulnerability (K000152924) (deprecated)

The vendor no longer states that their product is vulnerable. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K000152924. Disabled on 2026/01/29. Advisory states BIG-IP no longer vulnerable...

SUSE CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

SUSE CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

AZL-65109 CVE-2025-53020 affecting package httpd for versions less than 2.4.64-1

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

AZL-65094 CVE-2025-53020 affecting package httpd for versions less than 2.4.64-1

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

AZL-65097 CVE-2025-49812 affecting package httpd for versions less than 2.4.64-1

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

DEBIAN-CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

AZL-65217 CVE-2024-43204 affecting package httpd for versions less than 2.4.64-1

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

AZL-65130 CVE-2024-42516 affecting package mod_http2 1.15.14-2

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

AZL-65214 CVE-2024-42516 affecting package httpd for versions less than 2.4.64-1

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

ALPINE-CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

AZL-65139 CVE-2024-42516 affecting package mod_http2 2.0.29-3

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

UBUNTU-CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

UBUNTU-CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...