264 matches found

The Hacker News
added 15 hours ago, 5 views

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...

5.8 AI score
Exploits: 0
AstraLinux
added 2026/05/20 5:53 a.m., 8 views

Astra Linux - vulnerability in apache2

A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some uses of the legacy content-type-based configuration of handlers. Configurations like “AddType” and similar ones, under certain circumstances where files are requested indirectly, can lead to exposure of local...

5.3 CVSS, 6.7 AI score, 0.25097 EPSS
Exploits: 3, References: 2
Tenable Nessus
added 2026/05/05 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-24072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the http...

8.8 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits: 1, References: 3
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in apache2

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

5.3 CVSS, 7.2 AI score, 0.12438 EPSS
Exploits: 0, References: 1
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux - vulnerability in apache2

A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for the execution of CGI scripts under an unexpected userid. Users who have access to use the RequestHeader directive in htaccess can exploit this vulnerability. This issue affects Apache HTTP Server versions 2.4....

5.4 CVSS, 7.2 AI score, 0.00041 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in apache2

A carefully crafted If: request header can cause a memory read, or a write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...

7.5 CVSS, 7.1 AI score, 0.00468 EPSS
Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in apache2

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

6.3 CVSS, 7 AI score, 0.01123 EPSS
Exploits: 0, References: 2
GithubExploit
added 2026/04/11 1:3 p.m., 88 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Attacker Lab: CVE-2017-5638 & CVE-2021-41773 A 7-host Docker-...

10 CVSS, 7.3 AI score, 0.94391 EPSS
Exploits: 187
Apple
added 2026/03/24 12:0 a.m., 19 views

About the security content of macOS Sonoma 14.8.5

About the security content of macOS Sonoma 14.8.5 This document describes the security content of macOS Sonoma 14.8.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...

8.4 CVSS, 7 AI score, 0.00215 EPSS
Exploits: 1, References: 1, Affected Software: 1
Tenable Nessus
added 2026/01/22 12:0 a.m., 2 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-65082)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-65082 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP...

6.5 CVSS, 5.6 AI score, 0.00145 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/14 12:0 a.m., 7 views

MiracleLinux 3 : httpd-2.2.3-53.3.0.1.AXS3 (AXSA:2011-346:03)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-346:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2011-3368 The mod_proxy module in the...

5 CVSS, 7.4 AI score, 0.76893 EPSS
Exploits: 12, References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m., 1 views

MiracleLinux 3 : httpd-2.2.3-31.4.0.1.AXS3 (AXSA:2010-165:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-165:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed in this release: CVE-2010-0408 The ap_proxy_ajp_reques...

5 CVSS, 8 AI score, 0.32487 EPSS
Exploits: 2, References: 3
Tenable Nessus
added 2026/01/14 12:0 a.m., 1 views

MiracleLinux 3 : httpd-2.2.3-22.1.1AXS3 (AXSA:2009-63:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-63:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Fixed bugs: CVE-2008-1678 Memory leak in the zlib_stateful_init function in...

5 CVSS, 7.5 AI score, 0.08958 EPSS
Exploits: 6, References: 3
AstraLinux
added 2026/01/13 2:1 p.m., 2 views

Astra Linux - vulnerability in apache2

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

8.8 CVSS, 6 AI score, 0.00952 EPSS
Exploits: 14, References: 3
Positive Technologies
added 2026/01/05 12:0 a.m., 1 views

PT-2026-1422

CVE-2025-69290 - Apache Unassigned Vulnerability CVE ID : CVE-2025-69290 Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues...

6.8 AI score
Exploits: 0, References: 1
Positive Technologies
added 2026/01/05 12:0 a.m., 2 views

PT-2026-1423

CVE-2025-69291 - Apache Unassigned Vulnerability CVE ID : CVE-2025-69291 Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues...

6.8 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2025/12/24 12:0 a.m., 3 views

TencentOS Server 4: httpd (TSSA-2025:0960)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0960 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.3 CVSS, 5.9 AI score, 0.00145 EPSS
Exploits: 0, References: 5
SUSE CVE
added 2025/12/06 12:23 a.m., 1 views

SUSE CVE-2025-66200

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

6.2 CVSS, 6.7 AI score, 0.00041 EPSS
Exploits: 0, References: 12
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2000-1189

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.0486 EPSS
Exploits: 1, References: 14
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2003-0130

Malware in sbrugna...

5 CVSS, 6.1 AI score, 0.05508 EPSS
Exploits: 0, References: 30