USN-6885-5: Apache HTTP Server vulnerabilities

USN-6885-1 fixed vulnerabilities in Apache. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server modrewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this iss...

The vulnerability of the mod_ssl function in the Apache HTTP Server’s web server allows a hacker to cause a service failure.

The vulnerability of the modssl function in the Apache HTTP Server is related to deficiencies in the authentication process when processing the SSLEngine option. Exploiting this vulnerability allows a malicious actor to cause service failures using the TLS protocol...

Azure Linux 3.0 Security Update: httpd (CVE-2025-49630)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49630 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 throug...

CBL Mariner 2.0 Security Update: httpd (CVE-2024-43204)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43204 advisory. - SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL...

CBL Mariner 2.0 Security Update: httpd (CVE-2025-49812)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49812 advisory. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation...

CBL Mariner 2.0 Security Update: httpd (CVE-2025-49630)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49630 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 throug...

Azure Linux 3.0 Security Update: httpd (CVE-2025-53020)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53020 advisory. - Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apach...

Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-16614)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...

Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16609)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...

Apache HTTP Server Access Control Error Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Access Control Error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause an access contr...

Apache HTTP Server server-side request forgery vulnerability (CNVD-2025-16613)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that stems from loading modproxy without implementing...

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 CVSS score: 7.5, a high-severity path traversal vulnerability in Apache HTTP...

Apache HTTP Server: HTTP response splitting

...

Apache HTTP Server: mod_ssl access control bypass with session resumption

...

Apache HTTP Server: mod_ssl TLS upgrade attack

...

Apache HTTP Server: SSRF with mod_headers setting Content-Type header

...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : Apache HTTP Server vulnerabilities (USN-7639-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7639-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could...

USN-7639-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...

K000152594: Apache HTTP server vulnerability CVE-2024-43394

Security Advisory Description Server-Side Request Forgery SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via modrewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63...

BIT-APACHE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...