Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1125)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1125 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the...

Amazon Linux 2 : httpd (ALAS-2025-2958)

The version of httpd installed on the remote host is prior to 2.4.64-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2958 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : Apache HTTP Server vulnerabilities (USN-7639-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7639-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could...

USN-7639-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...

Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

KLA85814 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, perform cross-site scripting attack, cause denial of service. Below is a complete list of vulnerabilities: 1. Insufficient...

Advisory ROSA-SA-2025-2901

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...

TencentOS Server 3: httpd:2.4 (TSSA-2023:0200)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0200 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0144: httpd:2.4 (ALINUX3-SA-2023:0144)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2006-20001: A carefully crafted If:...

Advisory ROSA-SA-2025-2860

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracle...

Advisory ROSA-SA-2025-2804

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of th...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Apache HTTP Server vulnerabilities (USN-6729-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-1 advisory. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5090-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5090-2 advisory. USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

Apache: buffer overflows and a possible information disclosure

Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple stack-based buffer overflows in modalias and modrewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute...

iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.03.2002 Apache 1.3.x shared memory scoreboard vulnerabilities 16:00 GMT, October 3, 2002 I. BACKGROUND The Apache Software Foundation's HTTP Server is an effort to develop and maintain an open-source HTTP server for moder...