Lucene search
K

988 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6.2AI score0.00514EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday2 views

httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the ajpparsedata function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially lea...

7.5CVSS7.1AI score0.00394EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago6 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS6AI score0.00514EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago4 views

mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase

A flaw was found in Apache HTTP Server. This late release of memory after effective lifetime vulnerability allows a remote, unauthenticated attacker to cause a denial of service DoS. The vulnerability can lead to resource exhaustion, making the server unavailable to legitimate users...

7.5CVSS5.9AI score0.04409EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2 days ago5 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit...

9.8CVSS6.6AI score0.11471EPSS
Exploits9References8
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.4 views

httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass

A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/30 5:22 p.m.11 views

CVE-2026-29167

A flaw was found in Apache HTTP Server when using the modldap module in a per-directory configuration. This use-after-free vulnerability allows a remote attacker to potentially execute arbitrary code or cause a denial of service DoS due to improper memory handling. This could lead to system...

9.8CVSS6.2AI score0.00663EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 7:10 a.m.2 views

SUSE-SU-2026:2641-1 Security update for apache2

This update for apache2 fixes the following issues Update to 2.4.66 jscPED-16334: Security issues: - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in...

9.8CVSS6.6AI score0.01325EPSS
Exploits2References26
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:25 p.m.5 views

CVE-2026-48946

The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard modphp matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...

6.3CVSS6.1AI score0.00167EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.11471EPSS
Exploits9References12
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS6AI score0.00393EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.7 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS6.8AI score0.01325EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server 2.4.52 and earlier fail to close inbound connections when errors occur during the discarding of the request body, exposing the server to HTTP Request Smuggling attacks...

9.8CVSS7.1AI score0.28189EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/18 2:51 p.m.7 views

CVE-2026-43951

A flaw was found in Apache HTTP Server. An out-of-bounds read vulnerability exists when modheaders and modmime are used with multiple response languages. This could allow a remote attacker to disclose sensitive information from memory or cause a denial of service. Mitigation - Those who do not...

6.5CVSS5.2AI score0.00525EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 12:25 p.m.12 views

OESA-2026-2639 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A vulnerability was found in Apache HTTP Server Web Server affected version not known. It has been rated as critical.Using CWE to declare the problem leads to CWE-404. The product does not release or...

7.5CVSS5.2AI score0.11471EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.18 views

RHEL 8 : httpd:2.4 (RHSA-2026:25090)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25090 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
OSV
OSV
added 2026/06/10 8:39 a.m.17 views

BIT-APACHE-2026-49975 Apache HTTP Server: mod_http2 denial of service

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References16
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS5.4AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.4AI score0.00682EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS5.1AI score0.00504EPSS
Exploits0References3
Rows per page
Query Builder