5772 matches found
BIT-APACHE-2024-43394 Apache HTTP Server: SSRF on Windows due to UNC paths
Server-Side Request Forgery SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via modrewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...
BIT-APACHE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header
SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...
BIT-APACHE-2024-42516 Apache HTTP Server: HTTP response splitting
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...
PT-2025-29701 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to a Cross-Site Request Forgery. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information...
PT-2025-29700 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The provided descriptions indicate a cross-site request forgery issue. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information...
PT-2025-29703 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The vulnerability is a cross-site request forgery. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a newer version...
PT-2025-29699 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue is a Cross-Site Request Forgery. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a newer versio...
PT-2025-30579
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.64 Description A flaw exists in Apache HTTP Server where all "RewriteCond expr ..." tests evaluate as true. Recommendations Upgrade to version 2.4.65...
PT-2025-29702 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue concerns a cross-site request forgery. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a newer...
PT-2025-29698 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache Apache HTTP Server affected versions not specified Description: The reported issue concerns an authentication bypass. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a new...
[SECURITY] Fedora 42 Update: httpd-2.4.64-1.fc42
The Apache HTTP Server is a powerful, efficient, and extensible web server...
CVE-2024-43204
A Server-side request forgery SSRF vulnerability exists in Apache httpd when the server has modproxy loaded and is configured with modheaders to modify the Content-Type header in the HTTP request or response using a value supplied by the user. Under this configuration, this flaw allows an attacke...
CVE-2024-47252
A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...
CVE-2025-23048
An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...
CVE-2025-49630
An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS. Mitigation No mitigation is currently available that meets Red Hat...
CVE-2025-49812
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Mitigation No mitigation is currently available that meets Red Hat Produ...
CVE-2024-42516
A flaw was found in httpd. The response headers are not sanitized before an HTTP response is sent when a malicious backend can insert a Content-Type, Content-Encoding, or some other headers. These issues lead to HTTP response splitting. This CVE provides a "complete" fix for CVE-2023-38709...
PT-2025-29303 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to an authentication bypass. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-29305 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The vulnerability is a denial-of-service issue. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a newer version th...
PT-2025-29300 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server contains an issue due to unvalidated user input. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...