httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some mod_ssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: insufficient escaping of user-supplied data in mod_ssl
A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...
RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 (RHSA-2025:13680)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13680 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTT...
USN-6885-6: Apache HTTP Server regression
USN-6885-1 fixed vulnerabilities in Apache. The patch for CVE-2024-38474 was incomplete and caused a regression. This update provides the fix for this issue. Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. ...
Linux Distros Unpatched Vulnerability : CVE-2020-1927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and...
TencentOS Server 2: httpd (TSSA-2025:0526)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0526 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2025-23048
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session...
Logic Error
Apache HTTP Server is vulnerable to a logic error. The vulnerability is due to a flaw in the evaluation of RewriteCond expr directives, which causes all expressions to be treated as true, allowing an attacker to bypass intended rewrite conditions and access or redirect resources unexpectedly...
K000152924: Apache HTTP Server vulnerability CVE-2024-43204
Security Advisory Description SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a valu...
Security Bulletin: IBM Datapower Operations Dashboard could allow malicious or exploitable backend/content generators CVE-2023-38709
Summary Apache HTTP Server is used to deliver website content over the internet. Vulnerability Details CVEID:CVE-2023-38709 DESCRIPTION: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP...
F5 Networks BIG-IP : Apache HTTP Server vulnerability (K000152924) (deprecated)
The vendor no longer states that their product is vulnerable. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution K000152924. Disabled on 2026/01/29. Advisory states BIG-IP no longer vulnerable...
PT-2025-31957 · Undefined · Undefined
Hi, I run the following script for a vulnerability test for my home network: nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulners output on port 80: Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...
A vulnerability in the Apache HTTP Server web server, related to insufficient validation of incoming requests, allows attackers to perform SSRF attacks.
A vulnerability in the Apache HTTP Server is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
A vulnerability in the mod_ssl function of the Apache HTTP Server web server allows a hacker to gain unauthorized access to protected information.
A vulnerability in the mod_ssl function of the Apache HTTP Server is related to access control errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
SUSE CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
DEBIAN-CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
ALPINE-CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
Apache httpd -- evaluation always true
The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2025-16603)
Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be extended through a simple API. A denial of service vulnerability exists in Apache HTTP Server, which stems from a mod_proxy_http2 assertion failure that can be...