CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

976 matches found

RedHat Linux•added 2026/01/06 5:34 p.m.•4 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.3CVSS7.2AI score0.00018EPSS

Exploits0References2

Tenable Nessus•added 2026/01/05 12:0 a.m.•2 views

RHEL 8 : httpd:2.4 (RHSA-2026:0012)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0012 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: modmd: Apache HTTP...

8.3CVSS5.7AI score0.00048EPSS

Exploits0References6

Amazon•added 2026/01/05 12:0 a.m.•65 views

Important: httpd

Issue Overview: An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache...

8.3CVSS7.2AI score0.00145EPSS

Exploits0

OSV•added 2025/12/22 12:0 a.m.•7 views

ALSA-2025:23919 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 httpd:...

8.3CVSS6.8AI score0.00145EPSS

Exploits0References8

AlmaLinux•added 2025/12/22 12:0 a.m.•3 views

Important: httpd security update

8.3CVSS7AI score0.00145EPSS

Exploits0References8

Tenable Nessus•added 2025/12/09 12:0 a.m.•4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: httpd (UTSA-2025-991046)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991046 advisory. In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumptio...

9.1CVSS7.4AI score0.00047EPSS

Exploits1References3

OSV•added 2025/12/05 11:15 a.m.•0 views

AZL-71596 CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

6.5CVSS5.7AI score0.00145EPSS

Exploits0References1

OSV•added 2025/12/05 11:15 a.m.•0 views

AZL-71863 CVE-2025-55753 affecting package httpd for versions less than 2.4.66-1

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

7.5CVSS7.1AI score0.00048EPSS

Exploits0References1

Tenable Nessus•added 2025/12/04 12:0 a.m.•2 views

FreeBSD : Apache httpd -- Multiple vulnerabilities (6ebe4a30-d138-11f0-af8c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6ebe4a30-d138-11f0-af8c-8447094a420f advisory. The Apache httpd project reports: See changelog or 2.4 vulnerabilities for details. Tenable ha...

8.3CVSS7.5AI score0.00145EPSS

Exploits0References7

Rosalinux•added 2025/12/02 1:16 p.m.•5 views

Advisory ROSA-SA-2025-3082

Software: httpd 2.4.6 OS: rosa-server79 unaffected versions = httpd-2.4.6-99.0.7.res7.1 affected versions httpd-2.4.6-99.0.7.res7.1 CVE-ID: CVE-2024-47252 BDU-ID: 2025-08958 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modssl function of the Apache HTTP Server web server is related to a failu...

7.5CVSS7.1AI score0.005EPSS

Exploits0

IBM Security Bulletins•added 2025/11/20 6:9 a.m.•10 views

Security Bulletin: Vulnerabilities in httpd library (CVE-2024-47252, CVE-2025-23048, CVE-2025-49630) affect Power HMC.

Summary The httpd library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-47252 DESCRIPTION: Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS...

9.1CVSS7.5AI score0.04674EPSS

Exploits1Affected Software1

OSV•added 2025/10/10 5:50 a.m.•3 views

RLSA-2025:14983 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module CVE-2025-49630 For more details about the security...

7.5CVSS6.9AI score0.04674EPSS

Exploits0References2