1187 matches found
PT-2025-35841
CVE-2025-58416 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-58416 Published : Sept. 2, 2025, 3:15 a.m. | 1 hour, 37 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA
PT-2025-35408
CVE-2025-58333 - Apache HTTPD Cross-Site Request Forgery CVE ID : CVE-2025-58333 Published : Aug. 29, 2025, 3:15 a.m. | 3 hours, 29 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption
An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some mod_ssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...
Linux Distros Unpatched Vulnerability : CVE-2017-6062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka mod_auth_openidc module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and...
Linux Distros Unpatched Vulnerability : CVE-2017-6413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka mod_auth_openidc module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and...
Linux Distros Unpatched Vulnerability : CVE-2007-0086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth...
Linux Distros Unpatched Vulnerability : CVE-2007-1743
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - suexec in Apache HTTP Server httpd 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other...
Linux Distros Unpatched Vulnerability : CVE-2003-1307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the...
K000153074: Apache HTTP server vulnerability CVE-2024-42516
Security Advisory Description: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was described as CVE-2023-38709 but the...
Linux Distros Unpatched Vulnerability : CVE-2021-32785
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users...
PT-2025-34070
🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...
Linux Distros Unpatched Vulnerability : CVE-2022-23527
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open...
USN-7639-2: Apache HTTP Server vulnerabilities
USN-7639-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and addressed a regression fix LP: 2119395. CVE-2025-49630 and CVE-2025-53020 only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original...
PT-2025-33831
CVE-2025-57719 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-57719 Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA
PT-2025-33829
CVE-2025-57717 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-57717 Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA
Linux Distros Unpatched Vulnerability : CVE-2022-37436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into...
Linux Distros Unpatched Vulnerability : CVE-2025-54090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are recommended to upgrade to version 2.4.65, which fixes...
PT-2025-33616
CVE-2025-55726 - Apache Server Cross-Site Request Forgery CVE ID : CVE-2025-55726 Published : Aug. 15, 2025, 3:15 a.m. | 2 hours, 46 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA
httpd: insufficient escaping of user-supplied data in mod_ssl
A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...