982 matches found
httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...
OESA-2026-2401 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...
OESA-2026-2399 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes th...
Astra Linux – Vulnerability in Apache2
Improper neutralization of vulnerabilities related to escape, meta, or control sequences in the Apache HTTP Server, caused by unexpected overrides of variables set through the Apache configuration, which override variables calculated by the server for CGI programs. This issue affects the Apache...
Astra Linux – Vulnerability in Apache2
An HTTP response smuggling vulnerability exists in the Apache HTTP Server via modproxyuwsgi. This issue affects the Apache HTTP Server: from version 2.4.30 through 2.4.55. Special characters in the origin response header can cause the response forwarded to the client to be truncated or split...
Astra Linux – Vulnerability in Apache2
When an HTTP/2 stream is reset by a client via an RST frame, there is a time window during which the memory resources associated with the request are not immediately reclaimed. Instead, the deallocation of these resources is delayed until after the connection is closed. This allows clients to...
Astra Linux – Vulnerability in Apache2
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
Astra Linux – Vulnerability in Apache2
HTTP/2 incoming headers that exceed the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client continues to send headers, this can lead to memory exhaustion...
Exploit for Double Free in Apache Http_Server
cve-2026-23918 Defensive audit tools for CVE-2026-23918...
OESA-2026-2317 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and...
Exploit for Double Free in Apache Http_Server
CVE-2026-23918 "Apache HTTP/2 Double-Free" — Detection & Respo...
The vulnerability of the mod_proxy_ajp() module in the Apache HTTP Server allows a hacker to cause a service failure.
The vulnerability of the modproxyajp module in the Apache HTTP Server is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
...
Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()
...
Apache HTTP Server: http2: double free and possible RCE on early reset
...
Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line
...
USN-8239-1: Apache HTTP Server vulnerabilities
Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitra...
Exploit for Double Free in Apache Http_Server
Watch for the double-free in real-ti...
PT-2026-37663
A NULL pointer dereference in mod dav lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod dav lock is not used internally by mod dav or mod dav fs. The only known use-case for mod dav lock was mod dav svn from Apache Subversion...
Linux Distros Unpatched Vulnerability : CVE-2026-28780
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a...