5645 matches found
CVE-2025-54090
A logic flaw has been discovered in Apache HTTP Server version 2.4.64. This vulnerability causes RewriteCond expr directives to always evaluate as true, regardless of the actual condition. This could lead to unintended routing, access control bypasses, or other security policy violations if an...
K000152694: Apache HTTPD vulnerability CVE-2025-54090
Security Advisory Description A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Impact There is no impact; F5 products are not affected by this vulnerabilit...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
CVE-2025-54090
Summary of CVE-2025-54090 : The issue affects Apache HTTP Server, specifically version 2.4.64, where all "RewriteCond expr ..." tests evaluate as true due to a bug in the expression evaluation. The remedy is to upgrade to version 2.4.65, which includes the fix. The provided connected documents co...
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
KLA86161 SB vulnerability in Apache HTTP Server
Security vulnerability was found in Apache HTTP Server. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache HTTP Server 2.4.65 Related products Apache-HTTP-Server CVE list CVE-2025-54090 high Solution Update to the latest version...
USN-6885-5: Apache HTTP Server vulnerabilities
USN-6885-1 fixed vulnerabilities in Apache. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server modrewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this iss...
Azure Linux 3.0 Security Update: httpd (CVE-2025-49630)
The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49630 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 throug...
CBL Mariner 2.0 Security Update: httpd (CVE-2025-49812)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49812 advisory. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-43204)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43204 advisory. - SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL...
CBL Mariner 2.0 Security Update: httpd (CVE-2025-49630)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49630 advisory. - In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 throug...
Azure Linux 3.0 Security Update: httpd (CVE-2025-53020)
The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-53020 advisory. - Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apach...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-16614)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...
Apache HTTP Server Server-Side Request Forgery Vulnerability (CNVD-2025-16609)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...
Apache HTTP Server server-side request forgery vulnerability (CNVD-2025-16613)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that stems from loading modproxy without implementing...
Apache HTTP Server Access Control Error Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An Access Control Error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause an access contr...