5836 matches found
mod_auth_openidc:2.3 security update
An update is available for module.cjose, module.modauthopenidc, modauthopenidc, cjose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an...
RLSA-2025:3997 Important: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak...
RLSA-2025:4597 Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...
BIT-APACHE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)
The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...
Apache HTTP Server 2.4.64 RewriteCond Vulnerability - Linux
Apache HTTP Server is prone to a vulnerability in SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...
Apache HTTP Server 2.4.64 RewriteCond Vulnerability - Windows
Apache HTTP Server is prone to a vulnerability in SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...
The vulnerability of the Apache HTTP Server’s kernel allows attackers to compromise the integrity of the protected information.
The vulnerability of the Apache HTTP Server’s kernel is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
ROS-20250724-11
Vulnerability in Apache HTTP Server web server kernel is related to access control bypass with resume session resumption in modssl. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the enforced security restrictions...
The vulnerability of the mod_proxy module in the Apache HTTP Server allows a hacker to perform an SSRF attack.
The vulnerability of the modproxy module in the Apache HTTP Server is related to insufficient validation of requests at the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
CVE-2025-54090
A logic flaw has been discovered in Apache HTTP Server version 2.4.64. This vulnerability causes RewriteCond expr directives to always evaluate as true, regardless of the actual condition. This could lead to unintended routing, access control bypasses, or other security policy violations if an...
K000152694: Apache HTTPD vulnerability CVE-2025-54090
Security Advisory Description A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Impact There is no impact; F5 products are not affected by this vulnerabilit...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
Summary of CVE-2025-54090 : The issue affects Apache HTTP Server, specifically version 2.4.64, where all "RewriteCond expr ..." tests evaluate as true due to a bug in the expression evaluation. The remedy is to upgrade to version 2.4.65, which includes the fix. The provided connected documents co...
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
KLA86161 SB vulnerability in Apache HTTP Server
Security vulnerability was found in Apache HTTP Server. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache HTTP Server 2.4.65 Related products Apache-HTTP-Server CVE list CVE-2025-54090 high Solution Update to the latest version...