CVE-2024-43204

A Server-side request forgery SSRF vulnerability exists in Apache httpd when the server has modproxy loaded and is configured with modheaders to modify the Content-Type header in the HTTP request or response using a value supplied by the user. Under this configuration, this flaw allows an attacke...

CVE-2025-23048

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

CVE-2025-49630

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS. Mitigation No mitigation is currently available that meets Red Hat...

CVE-2025-49812

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Mitigation No mitigation is currently available that meets Red Hat Produ...

CVE-2024-42516

A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers. These issues lead to HTTP response splitting. This CVE provides a "complete" fix for CVE-2023-38709...

PT-2025-29303 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to an authentication bypass. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

PT-2025-29305 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The vulnerability is a denial-of-service issue. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a newer version th...

PT-2025-29300 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server contains an issue due to unvalidated user input. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

PT-2025-29302 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to a Cross-Site Request Forgery issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

SUSE CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

PT-2025-29204 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to a Cross-Site Request Forgery CSRF issue. Recommendations: At the moment, there is no information about a newer version that contains a fi...

Apache HTTP Server 2.4.17 < 2.4.64 DoS Vulnerability - Linux

Apache HTTP Server is prone to a denial of service DoS vulnerability via HTTP/2. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server 2.4.35 < 2.4.64 Access Control Bypass Vulnerability - Windows

Apache HTTP Server is prone to an access control bypass vulnerability in modssl. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

PT-2025-29208 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

Apache HTTP Server 2.4.26 < 2.4.64 DoS Vulnerability - Linux

Apache HTTP Server is prone to a denial of service DoS vulnerability in modproxyhttp2. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache 2.4.x < 2.4.64 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.64. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.64 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can ...

PT-2025-29205 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not being used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

Apache HTTP Server 2.4.17 < 2.4.64 DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service DoS vulnerability via HTTP/2. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...