CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/27 9:42 p.m.•11 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

5.3CVSS5.8AI score0.00221EPSS

RedHat Linux•added 2026/05/27 9:42 p.m.•13 views

Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow

A flaw was found in modproxyajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP Apache JServ Protocol server, to send a specially crafted message. This message can cause modproxyajp to write attacker-controlled data...

9.8CVSS6.4AI score0.00026EPSS

RedHat Linux•added 2026/05/27 9:13 p.m.•13 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

5.3CVSS5.8AI score0.00221EPSS

SUSE CVE•added 2026/05/13 2:21 p.m.•5 views

SUSE CVE-2026-43514

Observable Timing Discrepancy vulnerability when comparing AJP secret in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versio...

5.3CVSS5.7AI score0.001EPSS

Exploits0References3

Snyk•added 2026/05/12 5:22 p.m.•4 views

Timing Attack

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Timing Attack via AJP secret comparison. An attacker can perform a timing side-channel attack to determine whether a guessed secret ...

6.3CVSS5.8AI score0.001EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40073

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109 Apache...

9.8CVSS5.8AI score0.00139EPSS

Exploits0References32

RedhatCVE•added 2026/05/11 7:5 p.m.•11 views

CVE-2026-34059

8.2CVSS5.8AI score0.00106EPSS

RedhatCVE•added 2026/05/11 7:5 p.m.•5 views

CVE-2026-34032

8.2CVSS5.8AI score0.00221EPSS

RedhatCVE•added 2026/05/11 7:5 p.m.•11 views

CVE-2026-33857

7.5CVSS5.8AI score0.00221EPSS

Apache Tomcat•added 2026/05/10 12:0 a.m.•4 views

Fixed in Apache Tomcat 9.0.118

Moderate: Security constraints not correctly applied CVE-2026-43515 When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. This was fixed with commit db919ff9. This issue was reported to the Tomcat securit...

9.8CVSS5.8AI score0.00253EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/05/06 6:16 a.m.•5 views

CVE-2026-28780

9.8CVSS6.4AI score0.00026EPSS

EUVD•added 2026/05/06 12:31 a.m.•5 views

EUVD-2026-27506

Heap-based Buffer Overflow vulnerability in modproxyajp of Apache HTTP Server. If modproxyajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to modproxyajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue...

5.8AI score0.00026EPSS

Exploits0References3

OSV•added 2026/05/05 10:16 p.m.•5 views

DEBIAN-CVE-2026-28780

9.8CVSS5.8AI score0.00026EPSS

Exploits0References1

UbuntuCve•added 2026/05/05 12:0 a.m.•1 views

CVE-2026-33857

Out-of-bounds Read vulnerability in modproxyajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

5.3CVSS5.8AI score0.00221EPSS

GithubExploit•added 2026/04/08 4:47 a.m.•75 views

Exploit for CVE-2020-1938

CVE-2020-1938 Tomcat AJP Ghostcat Analysis This repository co...

9.8CVSS6.8AI score0.94469EPSS

Exploits44

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2000-1229

Malware in sbrugna...

2.1CVSS6.4AI score0.00152EPSS

Exploits1References5

Tenable Nessus•added 2025/08/20 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though...

7.5CVSS6.8AI score0.01193EPSS

Tenable Nessus•added 2025/08/20 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2023-5379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by...

7.5CVSS7.1AI score0.00161EPSS