4 matches found
CLSA-2026-1779118679 Fix of 8 CVEs
SECURITY UPDATE: modproxyajp heap buffer over-read in ajpmsggetstring - debian/patches/CVE-2026-34032.patch: add buffer checks in modules/proxy/ajpmsg.c. - CVE-2026-34032 SECURITY UPDATE: AJP getter functions off-by-one out-of-bounds reads - debian/patches/CVE-2026-33857.patch: fix length checks ...
CLSA-2026-1778847162 httpd: Fix of CVE-2026-28780
CVE-2026-28780: heap-based buffer overflow in ajpmsgcheckheader in modproxyajp when proxying to a malicious AJP backend that returns an oversized response, allowing a 4-byte out-of-bounds write past the heap buffer...
CVE-2026-28780
Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...
Apache Tomcat denial of service (DoS) vulnerability
Overview Apache Tomcat from The Apache Software Foundation contains a denial of service DoS vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. If Tomcat receives a request with an invalid header via the...