1208 matches found
Apache2 - Transfer-Encoding Chunked XSS
Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...
mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase
A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...
httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...
Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow
A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...
CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module
Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...
SUSE-SU-2026:2735-1 Security update for apache2
This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...
httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers
A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie directives. This could lead to a denial of service DoS condition, making the server unavailable to legitimate users...
httpd: Apache httpd mod_dav_fs: Denial of Service due to path handling issue
A flaw was found in the moddavfs module of Apache HTTP Server. A WebDAV Web Distributed Authoring and Versioning content author could exploit a path handling issue to directly manipulate trusted DAV property databases. This manipulation could potentially lead to child process crashes, resulting i...
Apache HTTP Server: mod_rewrite: Apache HTTP Server: Privilege Escalation via .htaccess file manipulation
A flaw was found in Apache HTTP Server. This escalation of privilege vulnerability allows local attackers, specifically those with the ability to author .htaccess files, to read sensitive files. This flaw enables unauthorized access to files with the privileges of the httpd user, potentially...
httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server
A flaw was found in Apache HTTP Server. This buffer over-read vulnerability occurs when the server processes outbound Online Certificate Status Protocol OCSP requests directed to an attacker-controlled OCSP server. This could allow a remote attacker to read sensitive information from memory or...
SUSE SLES16: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2026:22209-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22209-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957...
CVE-2026-48946
The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard modphp matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...
RHSA-2026:27200 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update
Bulletin has no description...
mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase
A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...
httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...
httpd: NULL pointer dereference via specially crafted request
A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...
mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase
A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...
[SECURITY] [DLA 4629-1] apache2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4629-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 12, 2026 https://wiki.debian.org/LTS -...
Debian dla-4629 : apache2 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4629 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4629-1 [email protected]...
ALSA-2026:25225 Important: mod_http2 security update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...