5823 matches found
PT-2025-21159 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No information is provided about the estimated number of potentially affected devices or real-world incidents. Recommendations: At the...
Alibaba Cloud Linux 3 : 0162: httpd:2.4 (ALINUX3-SA-2024:0162)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0162 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-38476: Vulnerability in core of Apache HTT...
Important: Red Hat Security Advisory: php security update
An update for php is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
PT-2025-20895 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a denial of service. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue w...
PT-2025-20898 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an XML Entity Injection vulnerability. No specific details about affected devices, real-world incidents, or technical exploitation details such as API endpoint...
PT-2025-20894 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...
Important: mod_auth_openidc security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak...
PT-2025-21639 · Undefined · Undefined
CVE-2025-4668 - Apache HTTP Server Deserialization Vulnerability CVE ID : CVE-2025-4668 Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and...
PT-2025-20893 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an information disclosure in the Apache HTTP Server. No specific details about the nature of the disclosure or how it can be exploited are provided. There is n...
PT-2025-20610 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns unvalidated user input in the Apache HTTP Server. No further details are available regarding the estimated number of potentially affected devices or real-world incidents...
PT-2025-20611 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns unvalidated user input in the Apache HTTP Server. No further details are available about the nature of the issue or its potential impact. Recommendations: At the moment,...
PT-2025-20613 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an unvalidated redirect in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or real-worl...
[SECURITY] [DSA 5917-1] libapache2-mod-auth-openidc security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5917-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2025 https://www.debian.org/security/faq -...
RLSA-2024:7457 Moderate: mod_jk bug fix update
The modjk module is an Apache HTTP Server plug-in that enables the Apache HTTP Server to connect with the Apache Tomcat servlet engine. Bug Fixes: Rebase to upstream 1.2.50 release JIRA:Rocky Linux-58855 Security fixes: modjk: information Disclosure / DoS CVE-2024-46544 JIRA:Rocky Linux-59800...
RLSA-2024:4720 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...
RLSA-2024:5289 Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...
Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
About Remote Code Execution & Arbitrary File Reading – Apache HTTP Server (CVE-2024-38475) vulnerability
About Remote Code Execution & Arbitrary File Reading - Apache HTTP Server CVE-2024-38475 vulnerability. Improper escaping of output in modrewrite module leads to remote code execution or arbitrary file reading. Successful exploitation does not require authentication. Apache HTTP Server 2.4.60,...
Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...
PT-2025-20003 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Cross-Site Request Forgery CSRF in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or...