PT-2025-29114

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.64 Description: An Server-Side Request Forgery SSRF issue exists in Apache HTTP Server when mod proxy is loaded. This allows an attacker to send outbound proxy requests to a URL controlled by the...

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36390)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause insecure...

Apache HTTP Server Code Execution Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to execute scripts in directori...

Apache HTTP Server code issue vulnerability (CNVD-2024-36389)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a code issue vulnerability that can be exploited by an attacker to crash the server via a malicious request...

Unspecified Vulnerability in Apache HTTP Server (CNVD-2024-36387)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that can be exploited by an attacker to map URLs to file system locations th...

Apache HTTP Server Information Disclosure Vulnerability (CNVD-2024-36391)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to obtain sensitive...

Apache HTTP Server Server-Side Request Forgery Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTML...

Apache HTTP Server Null Pointer Dereference Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause the server...

Apache HTTP Server Information Disclosure Vulnerability (CNVD-2025-16615)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by attackers to obtain sensitive...

Internet Bug Bounty: moderate: Apache HTTP Server proxy encoding problem (CVE-2024-38473)

Moderate: Apache HTTP Server proxy encoding problem CVE-2024-38473 An encoding problem was discovered in modproxy in Apache HTTP Server versions 2.4.59 and earlier. This issue allowed request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via...

CVE-2024-39884

A flaw was found in httpd. The fix for CVE-2024-38476 ignores some uses of the legacy content-type based configuration of handlers. "AddType" and similar configurations, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

AZL-43174 CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884

CVE-2024-39884 affects Apache HTTP Server (notably 2.4.60 and older) where legacy content-type based configuration (e.g., AddType) could cause source code disclosure for indirectly requested files, potentially exposing local content (e.g., PHP scripts being served). Affected vendors consistently ...

CVE-2024-39884

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

CVE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

Apache HTTP Server 2.4.60 Information Disclosure Vulnerability - Linux

Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...