
5774 matches found

Cvelist
added 2025/04/06 8:2 p.m. · 8 views

CVE-2025-31492 mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The...

CVSS 8.2 · EPSS 0.00357
Exploits 0 · References 2
Tenable Nessus
added 2025/04/05 12:0 a.m. · 24 views

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.62 (RHSA-2025:3452)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3452 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

CVSS 9.1 · AI score 7.8 · EPSS 0.06873
Exploits 1 · References 8
OSV
added 2025/04/03 10:6 a.m. · 11 views

RHSA-2025:3452 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 security update

Bulletin has no description...

CVSS 5.9 · AI score 7.2 · EPSS 0.06873
Exploits 1 · References 19
RedHat Linux
added 2025/04/02 5:15 p.m. · 10 views

Low: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

CVSS 9.1 · AI score 7.1 · EPSS 0.06873
Exploits 1 · References 5
RedHat Linux
added 2025/04/02 5:6 p.m. · 27 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 9.8 · AI score 7.2 · EPSS 0.06873
Exploits 2 · References 9
Positive Technologies
added 2025/04/01 12:0 a.m. · 2 views

PT-2025-14765 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue is related to unvalidated user input in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices or real-world incidents a...

AI score 6.3
Exploits 0 · References 2
Positive Technologies
added 2025/04/01 12:0 a.m. · 3 views

PT-2025-14615 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue concerns unvalidated user input in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices or real-world incidents are...

AI score 6.4
Exploits 0 · References 2
Positive Technologies
added 2025/04/01 12:0 a.m. · 3 views

PT-2025-14621 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue is related to a remote code execution vulnerability. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents...

AI score 7.9
Exploits 0 · References 2
RedHat Linux
added 2025/03/18 12:36 a.m. · 2 views

Moderate: Red Hat Bug Fix Advisory: mod_proxy_cluster bug fix update

An update for mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Bug Fixes: Rebuild mod_proxy_cluster against httpd 2.4.62 (JIRA:RHEL-70140); Rebase mod_proxy_cluster to upstream...

CVSS 5.4 · AI score 6.1 · EPSS 0.00126
Exploits 0
OSV
added 2025/03/17 8:16 p.m. · 23 views

RLSA-2024:9306 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP response splitting (CVE-2023-38709); httpd: HTTP Response Splitting in multiple modules (CVE-2024-24795). For more details about the security issues, including the impact, a...

CVSS 7.3 · AI score 6.7 · EPSS 0.04358
Exploits 0 · References 3
Rockylinux
added 2025/03/17 8:16 p.m. · 2 views

httpd bug fix update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

AI score 7.2
Exploits 0
IBM Security Bulletins
added 2025/03/11 7:26 p.m. · 97 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary: IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details: CVEID: CVE-2023-25193. DESCRIPTION: Harfbuzz is vulnerable to a denial of service, caused by a...

CVSS 8.1 · AI score 9.8 · EPSS 0.3466
Exploits 15 · Affected Software 1
Tenable Nessus
added 2025/03/06 12:0 a.m. · 16 views

Linux Distros Unpatched Vulnerability : CVE-2021-36160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions...

CVSS 7.5 · AI score 7.6 · EPSS 0.04687
Exploits 0 · References 2
Tenable Nessus
added 2025/03/06 12:0 a.m. · 17 views

Linux Distros Unpatched Vulnerability : CVE-2020-11984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984). Note that Nessus relies on the presence of the package as...

CVSS 9.8 · AI score 6.4 · EPSS 0.7629
Exploits 2 · References 2
Tenable Nessus
added 2025/03/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-24795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cau...

CVSS 6.3 · AI score 6.6 · EPSS 0.01123
Exploits 0 · References 3
Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2019-17567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole...

CVSS 5.3 · AI score 7.1 · EPSS 0.08635
Exploits 0 · References 3
Tenable Nessus
added 2025/03/04 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2013-1862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which...

CVSS 5.1 · AI score 7.5 · EPSS 0.52396
Exploits 2 · References 2
Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2018-1302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an...

CVSS 5.9 · AI score 7 · EPSS 0.12125
Exploits 0 · References 2
Tenable Nessus
added 2025/03/04 12:0 a.m. · 11 views

Linux Distros Unpatched Vulnerability : CVE-2012-0053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error...

CVSS 4.3 · AI score 6.8 · EPSS 0.33846
Exploits 4 · References 2
Tenable Nessus
added 2025/03/04 12:0 a.m. · 11 views

Linux Distros Unpatched Vulnerability : CVE-2019-10092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the...

CVSS 6.1 · AI score 6.4 · EPSS 0.82379
Exploits 4 · References 3