5737 matches found
Amazon Linux 2023 : mod_http2 (ALAS2023-2026-1724)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1724 advisory. Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes...
Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...
PT-2026-44503
CVE-2026-42347 - Apache HTTP Server Authentication Bypass CVE ID :CVE-2026-42347 Published : May 26, 2026, 3:16 p.m. | 53 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-28496. Reason: This candidate is a duplicate of CVE-2026-28496. Notes:...
Important: httpd
Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1720)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1720 advisory. An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to...
Important: mod_http2
Issue Overview: Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. CVE-2026-23918 Affected Packages: modhttp2 Issue Correction: Run dnf...
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
Exploit Title: Apache HTTP Server 2.4.66 - 'modhttp2' Double-Free Denial of Service Google Dork: intext:"Apache/2.4.66" "HTTP/2" Date: 2026-05-06 Exploit Author: xeloxa https://github.com/xeloxa/ Vendor Homepage: https://httpd.apache.org/ Software Link:...
[SECURITY] Fedora 43 Update: httpd-2.4.67-1.fc43
The Apache HTTP Server is a powerful, efficient, and extensible web server...
OESA-2026-2402 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users ar...
PT-2026-42908
CVE-2026-8352 - Apache Apache HTTP Server Remote Code Execution CVE ID :CVE-2026-8352 Published : May 21, 2026, 9:16 p.m. | 22 minutes ago Description :Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in...
Astra Linux - уязвимость в apache2
The out-of-bounds write vulnerability in the modsed module of the Apache HTTP Server allows an attacker to overwrite heap memory with data provided by the attacker. This issue affects Apache HTTP Server version 2.4.2.52 and earlier versions...
Astra Linux - уязвимость в apache2
apescapequotes may write beyond the end of a buffer when given malicious input. None of the included modules passes untrusted data to these functions, but third-party/external modules may do so. This issue affects Apache HTTP Server 2.4.48 and earlier...
Astra Linux - уязвимость в apache2
In Apache HTTP Server 2.4.59 and earlier, a null pointer dereference vulnerability in modproxy allows an attacker to crash the server through a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
Astra Linux - уязвимость в apache2
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for this vulnerability, but it might be possible to create one. This issue affects Apache HTTP Server 2.4.51 and earlie...
Astra Linux - уязвимость в apache2
A carefully crafted request body can cause a read to a random memory area, which may lead to the process crashing. This issue affects Apache HTTP Server 2.4.52 and earlier...
Astra Linux - уязвимость в apache2
Some modproxy configurations on the Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP Request Smuggling attack. These configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch, where a non-specific pattern matches a portion of the...
Astra Linux - уязвимость в apache2
In certain proxy configurations, a denial-of-service attack against Apache HTTP Server versions 2.4.26 through 2.4.63 can occur when untrusted clients trigger an assertion in modproxyhttp2. The configurations affected include reverse proxies configured for HTTP/2 backends, where ProxyPreserveHost...
Astra Linux - уязвимость в apache2
Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.54 and...
Astra Linux - уязвимость в apache2
A out-of-bounds read vulnerability exists in the modmacro module of the Apache HTTP Server. This issue affects the Apache HTTP Server version up to 2.4.57...
Astra Linux - уязвимость в apache2
Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...