BIT-APACHE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...

MGASA-2024-0258 Updated apache packages fix security vulnerabilities

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. CVE-2024-36387 Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encodin...

Server Side Request Forgery (SSRF)

Apache HTTP Server 2.4.59 is vulnerable to SSRF. The vulnerability is due to a missing validation in response headers leading to information disclosure, SSRF or local script execution via backend applications which have malicious or exploitable header...

NULL Pointer Dereference

modproxy in Apache HTTP Server is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to not checking pointer reference for NULL before accessing it. This allows an attacker to crash the server via a malicious request...

Server-Side Request Forgery (SSRF)

Apache HTTP Server on Windows is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to a missing validation on HTTP requests allowing attackers to potentially leak NTLM hashes to a malicious server...

Authentication Bypass

modproxy in Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is caused due to encoding problem. This allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests...

Improper Encoding

Apache HTTP Server is vulnerable to Improper Encoding. The vulnerability is caused due to Substitution encoding issue in modrewrite. This allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to...

[SECURITY] Fedora 40 Update: httpd-2.4.61-1.fc40

The Apache HTTP Server is a powerful, efficient, and extensible web server...

PT-2024-5185 · Apache +6 · Apache Http Server +6

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.61 Description: The issue is related to the core of Apache HTTP Server, where a partial fix ignores some use of the legacy content-type based configuration of handlers. This can result in source code disclosure...

The vulnerability of the Apache HTTP Server’s kernel, related to the inclusion of functions from an unreliable controlled area, allows attackers to execute arbitrary code.

The vulnerability of the Apache HTTP Server’s kernel is related to the inclusion of functions from an unverified controlled area. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by launching local handlers through internal redirection...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Apache HTTP Server vulnerabilities (USN-6885-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6885-1 advisory. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2...

PT-2025-29114

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.64 Description: An Server-Side Request Forgery SSRF issue exists in Apache HTTP Server when mod proxy is loaded. This allows an attacker to send outbound proxy requests to a URL controlled by the...

Apache HTTP Server Information Disclosure Vulnerability (CNVD-2025-16615)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by attackers to obtain sensitive...

Apache HTTP Server Code Execution Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to execute scripts in directori...

Apache HTTP Server Information Disclosure Vulnerability (CNVD-2024-36391)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An information disclosure vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to obtain sensitive...

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36390)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause insecure...

Apache HTTP Server Null Pointer Dereference Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause the server...

Apache HTTP Server code issue vulnerability (CNVD-2024-36389)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a code issue vulnerability that can be exploited by an attacker to crash the server via a malicious request...

Apache HTTP Server Server-Side Request Forgery Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTML...

Unspecified Vulnerability in Apache HTTP Server (CNVD-2024-36387)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that can be exploited by an attacker to map URLs to file system locations th...