5645 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-49812
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack a...
PT-2025-32253 · Undefined · Undefined
CVE-2025-54976 - Apache HTTP Server Unvalidated User Input Leads to Remote Command Execution CVE ID : CVE-2025-54976 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...
PT-2025-32213 · Undefined · Undefined
CVE-2025-54975 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-54975 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...
PT-2025-31962 · Undefined · Undefined
Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...
PT-2025-32255 · Undefined · Undefined
CVE-2025-54978 - Apache HTTP Server HTTP Header Injection CVE ID : CVE-2025-54978 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2025-32212 · Undefined · Undefined
CVE-2025-54974 - Apache HTTP Server Denial of Service CVE ID : CVE-2025-54974 Published : Aug. 5, 2025, 4:16 a.m. | 2 hours, 19 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1125)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1125 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the...
Amazon Linux 2 : httpd (ALAS-2025-2958)
The version of httpd installed on the remote host is prior to 2.4.64-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2958 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response...
PT-2025-31769 · Undefined · Undefined
CVE-2025-54840 - Apache HTTP Server Denial of Service CVE ID : CVE-2025-54840 Published : Aug. 1, 2025, 4:16 a.m. | 4 hours, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...
PT-2025-31711 · Undefined · Undefined
CVE-2025-7356 - CVE-2020-29461: Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-7356 Published : July 30, 2025, 11:15 p.m. | 2 hours, 47 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the li...
K000152805: Apache HTTPD vulnerability CVE-2025-53020
Security Advisory Description Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue. CVE-2025-53020 Impact There is no impact; ...
mod_proxy_cluster bug fix update
An update is available for modproxycluster. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modproxycluster module is a plugin for the Apache HTTP Server tha...
mod_auth_openidc:2.3 security update
An update is available for module.cjose, module.modauthopenidc, modauthopenidc, cjose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an...
RLSA-2025:3997 Important: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak...
RLSA-2025:4597 Moderate: mod_auth_openidc:2.3 security update
The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS via Empty POST in modauthopenidc with OIDCPreservePost Enabled...
BIT-APACHE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)
The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...
Apache HTTP Server 2.4.64 RewriteCond Vulnerability - Windows
Apache HTTP Server is prone to a vulnerability in SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...
Apache HTTP Server 2.4.64 RewriteCond Vulnerability - Linux
Apache HTTP Server is prone to a vulnerability in SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...
ROS-20250724-11
Vulnerability in Apache HTTP Server web server kernel is related to access control bypass with resume session resumption in modssl. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the enforced security restrictions...