Lucene search
K

982 matches found

RedHat Linux
RedHat Linux
added 2026/05/27 9:13 p.m.27 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS5.8AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 1:18 p.m.9 views

OESA-2026-2401 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

8.8CVSS5.8AI score0.00654EPSS
Exploits2References10
OSV
OSV
added 2026/05/22 1:18 p.m.17 views

OESA-2026-2399 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes th...

5.3CVSS5.8AI score0.00485EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Apache2

Improper neutralization of vulnerabilities related to escape, meta, or control sequences in the Apache HTTP Server, caused by unexpected overrides of variables set through the Apache configuration, which override variables calculated by the server for CGI programs. This issue affects the Apache...

6.5CVSS6.8AI score0.00771EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Apache2

An HTTP response smuggling vulnerability exists in the Apache HTTP Server via modproxyuwsgi. This issue affects the Apache HTTP Server: from version 2.4.30 through 2.4.55. Special characters in the origin response header can cause the response forwarded to the client to be truncated or split...

7.5CVSS7.4AI score0.02134EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Apache2

When an HTTP/2 stream is reset by a client via an RST frame, there is a time window during which the memory resources associated with the request are not immediately reclaimed. Instead, the deallocation of these resources is delayed until after the connection is closed. This allows clients to...

5.9CVSS6.8AI score0.03024EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Apache2

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

7.5CVSS7.7AI score0.64509EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Apache2

HTTP/2 incoming headers that exceed the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client continues to send headers, this can lead to memory exhaustion...

7.5CVSS7AI score0.91327EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2026/05/16 9:18 a.m.121 views

Exploit for Double Free in Apache Http_Server

cve-2026-23918 Defensive audit tools for CVE-2026-23918...

8.8CVSS6AI score0.4581EPSS
Exploits16
OSV
OSV
added 2026/05/15 2:1 p.m.11 views

OESA-2026-2317 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and...

9.8CVSS5.8AI score0.01325EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/08 4:26 a.m.191 views

Exploit for Double Free in Apache Http_Server

CVE-2026-23918 "Apache HTTP/2 Double-Free" — Detection & Respo...

8.8CVSS6.3AI score0.4581EPSS
Exploits16
BDU FSTEC
BDU FSTEC
added 2026/05/08 12:0 a.m.2 views

The vulnerability of the mod_proxy_ajp() module in the Apache HTTP Server allows a hacker to cause a service failure.

The vulnerability of the modproxyajp module in the Apache HTTP Server is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

10CVSS6AI score0.01325EPSS
Exploits0References4Affected Software2
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:11 a.m.10 views

Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

...

8.8CVSS5.8AI score0.00654EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:11 a.m.13 views

Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

...

7.5CVSS5.8AI score0.00394EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:11 a.m.10 views

Apache HTTP Server: http2: double free and possible RCE on early reset

...

8.8CVSS5.8AI score0.4581EPSS
Exploits16
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:11 a.m.10 views

Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

...

6.5CVSS5.8AI score0.00436EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/05/06 7:55 p.m.16 views

USN-8239-1: Apache HTTP Server vulnerabilities

Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitra...

9.8CVSS6.3AI score0.4581EPSS
Exploits18
GithubExploit
GithubExploit
added 2026/05/06 6:38 p.m.132 views

Exploit for Double Free in Apache Http_Server

Watch for the double-free in real-ti...

8.8CVSS5.8AI score0.4581EPSS
Exploits16
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.9 views

PT-2026-37663

A NULL pointer dereference in mod dav lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod dav lock is not used internally by mod dav or mod dav fs. The only known use-case for mod dav lock was mod dav svn from Apache Subversion...

7.5CVSS5.8AI score0.00594EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-28780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a...

9.8CVSS5.4AI score0.01325EPSS
Exploits0References2
Rows per page
Query Builder