Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1338)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2018-11901

Malware in sbrugna...

EUVD-1999-0071

Malware in sbrugna...

EUVD-2017-12293

Malware in sbrugna...

TencentOS Server 3: httpd:2.4/mod_http2 (TSSA-2024:0126)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0126 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

BIT-APACHE-2025-3891

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

F5 Networks BIG-IP : Apache HTTPD vulnerability (K23153696)

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. CVE-2020-1927 Impact An attacker can abuse this vulnerability in a phishin...

F5 Networks BIG-IP : Apache HTTPD vulnerability (SOL16907)

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

Oracle Releases Security Alert for Oracle HTTP Server Products

Oracle has released a security alert to address a vulnerability in Apache HTTPD. This vulnerability affects: Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0 Oracle Application Server 10g Release 3, version 10.1.3.5.0 Oracle Application Server 10g Release 2,...

Apache Httpd < 2.0.51 : WebDAV remote crash

An issue was discovered in the moddav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK request...

Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

Apache Httpd < 2.0.46 : OS2 device name DoS

Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service vulnerability caused by device names...

Apache Httpd < 2.0.46 : Basic Authentication DoS

A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...

Apache Httpd < 2.0.46 : APR remote crash

A vulnerability in the aprpsprintf function in the Apache Portable Runtime APR library allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long strings, as demonstrated using XML objects to moddav, and possibly other vectors...

Apache Httpd < 2.0.46 : Filtered escape sequences

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 2.0.44 : Apache can serve unexpected files

On Windows platforms Apache could be forced to serve unexpected files by appending illegal characters such as '' to the request URL...

Apache Httpd < 1.3.26 : Apache Chunked encoding vulnerability

Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...

Apache 1.3 - Artificially Long Slash Path Directory Listing (2)

// source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system...

Apache Httpd < 1.3.22 : Multiviews can cause a directory listing to be displayed

A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERYSTRING of M=D could return a directory listing rather than the expected index page...