PT-2025-29302 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to a Cross-Site Request Forgery issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

SUSE CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

PT-2025-29204 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The Apache HTTP Server is susceptible to a Cross-Site Request Forgery CSRF issue. Recommendations: At the moment, there is no information about a newer version that contains a fi...

Apache HTTP Server 2.4.17 < 2.4.64 DoS Vulnerability - Linux

Apache HTTP Server is prone to a denial of service DoS vulnerability via HTTP/2. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server 2.4.35 < 2.4.64 Access Control Bypass Vulnerability - Windows

Apache HTTP Server is prone to an access control bypass vulnerability in modssl. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

Apache 2.4.x < 2.4.64 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.64. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.64 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can ...

PT-2025-29208 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

Apache HTTP Server 2.4.26 < 2.4.64 DoS Vulnerability - Linux

Apache HTTP Server is prone to a denial of service DoS vulnerability in modproxyhttp2. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2025-29205 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not being used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

Apache HTTP Server 2.4.17 < 2.4.64 DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service DoS vulnerability via HTTP/2. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

PT-2025-29201

Name of the Vulnerable Software and Affected Versions Apache HTTP Server affected versions not specified Description The communication protocol used between the client and server has a flaw that could be leveraged to execute a man-in-the-middle attack. Recommendations At the moment, there is no...

UBUNTU-CVE-2024-43394

Server-Side Request Forgery SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via modrewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...

Apache HTTP Server 2.4.35 < 2.4.64 Access Control Bypass Vulnerability - Linux

Apache HTTP Server is prone to an access control bypass vulnerability in modssl. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server 2.4.26 < 2.4.64 DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service DoS vulnerability in modproxyhttp2. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE CVE-2024-43394

Server-Side Request Forgery SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via modrewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...

CVE-2025-53020

A memory exhaustion flaw has been discovered in the Apache HTTP server. In some instances, the Apache HTTP server fails to free memory. Given sufficient time, this may lead to the host operating system killing the web server in order to reclaim memory. Mitigation Mitigation for this issue is eith...

CVE-2024-43394

A Server-Side Request Forgery SSRF flaw was found in Apache HTTP Server on Windows. This issue can allow NTLM hashes to be leaked to a malicious server via modrewrite or apache expressions that pass unvalidated request input. Mitigation Mitigation for this issue is either not available or the...

AZL-65220 CVE-2025-49630 affecting package httpd for versions less than 2.4.64-1

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...