Security Bulletin: A vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server and, in turn, by IBM Rational ClearQuest.

Summary IBM HTTP Server is utilized by IBM WebSphere Application Server, which in turn is used by the IBM Rational ClearQuest server. Details regarding security vulnerabilities impacting IBM HTTP Server have been released in an official security bulletin. Vulnerability Details Refer to the securi...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1125)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1125 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the...

Amazon Linux 2 : httpd (ALAS-2025-2958)

The version of httpd installed on the remote host is prior to 2.4.64-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2958 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response...

Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by multiple vulnerabilities due to the included Apache HTTP Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Oracle HTTP Server (July 2025 CPU)

The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit this, a...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : Apache HTTP Server vulnerabilities (USN-7639-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7639-1 advisory. It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could...

USN-7639-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...

Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

Apache HTTP Server < 2.4.64 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

KLA85814 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, perform cross-site scripting attack, cause denial of service. Below is a complete list of vulnerabilities: 1. Insufficient...

Advisory ROSA-SA-2025-2901

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5 CVE-ID: CVE-2024-38472 BDU-ID: 2024-05354 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...

TencentOS Server 3: httpd:2.4 (TSSA-2023:0200)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0200 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0144: httpd:2.4 (ALINUX3-SA-2023:0144)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2006-20001: A carefully crafted If:...

Advisory ROSA-SA-2025-2860

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2016-0736 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Apache HTTP Server due to insufficient data encryption in modsessioncrypto, making the server susceptible to padding oracle...

Advisory ROSA-SA-2025-2804

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modmacro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of th...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Apache HTTP Server vulnerabilities (USN-6729-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-1 advisory. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use...

[SECURITY] [DLA 3408-1] jruby security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3408-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS -...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5090-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5090-2 advisory. USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

Sami HTTP Server multipel vulnerabilities

Directory traversal, DoS...

Apache: buffer overflows and a possible information disclosure

Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple stack-based buffer overflows in modalias and modrewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute...