K000161669: Apache HTTP Server vulnerabilities CVE-2026-24072 and CVE-2026-23918
Security Advisory Description CVE-2026-24072 An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's...
Astra Linux - Vulnerability in apache2
A carefully crafted If: request header can cause a memory read, or a write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...
Linux Distros Unpatched Vulnerability : CVE-2026-24072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the http...
Astra Linux – Vulnerability in Apache2
The Apache HTTP Server versions 2.4.6 to 2.4.46, with the mod_proxy_wstunnel module configured, were used to handle a URL. The origin server did not necessarily upgrade this connection. This setup allowed subsequent requests on the same connection to be processed without any HTTP validation,...
Astra Linux – Vulnerability in Apache2
Splitting HTTP responses across multiple modules in the Apache HTTP Server allows an attacker who can inject malicious response headers into backend applications to carry out an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
Attacker Lab: CVE-2017-5638 & CVE-2021-41773 A 7-host Docker-...
About the security content of macOS Sonoma 14.8.5
About the security content of macOS Sonoma 14.8.5 This document describes the security content of macOS Sonoma 14.8.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or release...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-65082)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-65082 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP...
MiracleLinux 3 : httpd-2.2.3-31.4.0.1.AXS3 (AXSA:2010-165:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-165:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed in this release: CVE-2010-0408 The approxyajpreques...
MiracleLinux 3 : httpd-2.2.3-53.3.0.1.AXS3 (AXSA:2011-346:03)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-346:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2011-3368 The mod_proxy module in the...
MiracleLinux 3 : httpd-2.2.3-22.1.1AXS3 (AXSA:2009-63:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-63:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Fixed bugs: CVE-2008-1678 Memory leak in the zlib_stateful_init function in...
Astra Linux – Vulnerability in Apache2
A vulnerability in the Apache HTTP Server’s AllowOverride FileInfo directive allows for bypassing mod_userdir+suexec. Users who have access to use the RequestHeader directive in htaccess can cause certain CGI scripts to run under an unexpected userid. This issue affects the Apache HTTP Server...
Astra Linux – Vulnerability in Apache2
Double-free operations and a potential RCE vulnerability exist in the Apache HTTP Server with the HTTP/2 protocol. This issue affects the Apache HTTP Server version 2.4.66. Users are recommended to upgrade to version 2.4.67, as this version fixes the vulnerability...
PT-2026-1422
CVE-2025-69290 - Apache Unassigned Vulnerability CVE ID : CVE-2025-69290 Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues...
PT-2026-1423
CVE-2025-69291 - Apache Unassigned Vulnerability CVE ID : CVE-2025-69291 Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues...
TencentOS Server 4: httpd (TSSA-2025:0960)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0960 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
SUSE CVE-2025-66200
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...
EUVD-2001-1053
Malware in sbrugna...
EUVD-2003-0983
Malware in sbrugna...