5774 matches found
PT-2025-20610 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns unvalidated user input in the Apache HTTP Server. No further details are available regarding the estimated number of potentially affected devices or real-world incidents...
PT-2025-20611 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns unvalidated user input in the Apache HTTP Server. No further details are available about the nature of the issue or its potential impact. Recommendations: At the moment,...
PT-2025-20613 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an unvalidated redirect in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or real-worl...
[SECURITY] [DSA 5917-1] libapache2-mod-auth-openidc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5917-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2025 https://www.debian.org/security/faq -...
RLSA-2024:7457 Moderate: mod_jk bug fix update
The modjk module is an Apache HTTP Server plug-in that enables the Apache HTTP Server to connect with the Apache Tomcat servlet engine. Bug Fixes: Rebase to upstream 1.2.50 release JIRA:Rocky Linux-58855 Security fixes: modjk: information Disclosure / DoS CVE-2024-46544 JIRA:Rocky Linux-59800...
RLSA-2024:4720 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...
RLSA-2024:5289 Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...
Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability
About Remote Code Execution & Arbitrary File Reading - Apache HTTP Server CVE-2024-38475 vulnerability. Improper escaping of output in modrewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication. Apache HTTP Server 2.4.60,...
PT-2025-20003 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Cross-Site Request Forgery CSRF in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or...
ALSA-2025:4597 Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...
Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...
PT-2025-20001 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...
PT-2025-20002 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...
PT-2025-20441 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an authentication bypass in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices or real-world incidents are...
PT-2025-20322 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a remote command execution in the Apache HTTP Server. No specific details about the number of potentially affected devices or real-world incidents are provided...
PT-2025-20323 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to a Cross-Site Request Forgery in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices worldwide or...
Apache HTTP Server Improper Escaping of Output Vulnerability
Apache HTTP Server contains an improper escaping of output vulnerability in modrewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code...
Advisory ROSA-SA-2025-2860
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracle...
Advisory ROSA-SA-2025-2859
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracl...