Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Commo...

mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

RHEL 8 : httpd:2.4 (RHSA-2026:0011)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0011 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: modmd: Apache HTTP...

RHEL 8 : httpd:2.4 (RHSA-2026:0010)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0010 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: modmd: Apache HTTP...

RHEL 6 : httpd (RHSA-2026:0074)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0074 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: Serve...

RHEL 8 : httpd:2.4 (RHSA-2026:0009)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0009 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: modmd: Apache HTTP...

PT-2026-1232

CVE-2026-21650 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-21650 Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2026-1217

CVE-2026-21644 - Apache HTTP Server Unvalidated Redirect CVE ID : CVE-2026-21644 Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-1218

CVE-2026-21645 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-21645 Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-1219

CVE-2026-21646 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2026-21646 Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-1234

CVE-2026-21652 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-21652 Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2026-1170

CVE-2025-34094 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID : CVE-2025-34094 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visi...

PT-2026-1172

CVE-2025-34131 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID : CVE-2025-34131 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visi...

PT-2026-1176

CVE-2025-34166 - Apache HTTP Server Path Traversal CVE ID : CVE-2025-34166 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for more...

PT-2026-1196

CVE-2025-34213 - Apache HTTP Server Denial of Service CVE ID : CVE-2025-34213 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for mor...

PT-2026-1192

CVE-2025-34168 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-34168 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for...

PT-2026-1177

CVE-2025-34167 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-34167 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the lin...

PT-2026-1195

CVE-2025-34170 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-34170 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for...

PT-2026-1174

CVE-2025-34144 - Apache HTTP Server Remote File Inclusion CVE ID : CVE-2025-34144 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for...