Astra Linux - уязвимость в apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

Apache 2.4.x < 2.4.67 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.67. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.67 advisory. - Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1396)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1242)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 3 : httpd-2.2.3-82.0.1.AXS3 (AXSA:2013-624:04)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-624:04 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2013-1896 moddav.c in the Apache HTTP...

MiracleLinux 4 : httpd-2.2.15-29.0.1.AXS4 (AXSA:2013-627:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-627:04 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2013-1896 moddav.c in the Apache HTTP...

CVE-2025-65082 Apache HTTP Server: CGI environment variable override

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

Linux Distros Unpatched Vulnerability : CVE-2017-6062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and...

Linux Distros Unpatched Vulnerability : CVE-2022-37436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into...

PT-2025-24053 · Apache · Apache Server

Name of the Vulnerable Software and Affected Versions: Apache Server versions prior to the fixed version Description: An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server. This issue affects the Apache Server,...

ABB M2M Gateway HTTP Request Smuggling in embedded Apache HTTP Server (CVE-2023-25690)

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38475link is external Apache HTTP Server Improper Escaping of Output Vulnerability CVE-2023-44221link is external SonicWall SMA100 Appliances OS Command...

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

The vulnerability of the Java library for supporting SSH protocols, Apache SSHD, arises due to an incorrect pathname limitation for the restricted access directory. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Java library for supporting SSH protocols, Apache SSHD, is related to an incorrect pathname limitation for the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

The vulnerability of the mod_lua module in the Apache HTTP Server allows a hacker to cause a service failure.

The vulnerability of the modlua module in the Apache HTTP Server is related to the unlimited distribution of resources when processing the function with zero parameter r:parsebody0. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a specially crafted HTT...

Server-Side Request Forgery (SSRF) in pimcore/pimcore

Description Your demo server is running in a vulnerable Apache server Apache/2.4.38. The attacker can easily exploit SSRF vulnerability just by visiting a crafted URL. The vulnerability has been discovered few days ago and it relies on modproxy module. I know that this vulnerability is not direct...

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, related to uncontrolled resource consumption, allows attackers to cause service interruptions.

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Modauthopenidc, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server allows a attacker to trigger a service failure.

The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

httpd: mod_http2: possible crash on late upgrade

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server allows for uncontrolled resource consumption, enabling attackers to disclose sensitive information.

The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...