CVE-2026-23918

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

Astra Linux - уязвимость в apache2

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

Astra Linux - уязвимость в apache2

A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for the execution of CGI scripts under an unexpected userid. Users who have access to use the RequestHeader directive in htaccess can exploit this vulnerability. This issue affects Apache HTTP Server versions 2.4....

Astra Linux - уязвимость в apache2

A carefully crafted request URI-path can cause modproxyuwsgi to exceed the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1556)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-58098)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-58098 advisory. - Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but no...

Exploit for Improper Certificate Validation in Apache Http_Server

Uefiscdi-Gov-Ro-Vulnerability- UNTESTED PAYLOADS, WAF-BYPASS,...

SUSE CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987452)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987452 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied b...

CVE-2013-4961

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information...

Exploit for OS Command Injection in Php

Incident Response Walkthrough: Mitigating a Zero-Day Attack...

MGASA-2023-0304 Updated apache packages fix security vulnerabilities

Apache has been updated to version 2.4.58 to fix several security issues. CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST cve.mitre.org When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were n...

How to check Apache version of NetScaler

To check which version of Apache is running on NetScaler...

SUSE CVE-2013-4961

Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information...

SUSE CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

VulnCheck KEV: CVE-2019-0190

A bug exists in the way modssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause modssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1...

Issues fixed in Apache web server

Apache has released version 2.4.49 of the Apache Web server. In this version a number of vulnerabilities have been fixed. Please note that the 2.2.x branch is now at the end of the life of the Apache HTTP Server project and there will be no further activity take place, including security updates...

Xiamen Service Cloud Information Technology Co., Ltd. website security dog APACHE version of the existence of webshell bypass vulnerability

Website Security Dog is a server security protection software, is for IDC operators, web hosting service providers, enterprise hosts, server administrators and other users to provide server security prevention of the practical system, is a combination of website content security protection, websi...

Webshell Bypass Vulnerability in Web Security Dog APACHE Version 4.0

Security Dog provides users with lightweight, efficient, reliable and stable cloud security products and a full range of security services. A webshell bypass vulnerability exists in APACHE version 4.0 of Website Security Dog, which can be exploited by attackers to gain access to the control...

CVE-2019-10080

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE and reveal information such as the versions of Java, Jersey, and Apache that the NiFI...