Important: httpd

Issue Overview: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue. CVE-2026-24072 Heap-based Buffer...

CVE-2026-29168

A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...

Astra Linux – Vulnerability in Subversion

Apache Subversion SVN’s “authz” feature prevents the display of “copyfrom” paths that should be hidden according to configured path-based authorization rules. When a node is copied from a protected location, users with access to the copy can see the “copyfrom” path of the original node. This also...

CVE-2021-27005

Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server...

CVE-2026-3697 Planet ICG-2510 Language Package Configuration httpd sub_40C8E4 stack-based overflow

A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...

CVE-2022-37175

Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated thi...

CVE-2025-60691

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The applycgi and blockcgi functions copy user-supplied input from the "url" CGI parameter into stack buffers v36, v29 using sprintf without bounds checking. Because these buffe...

EUVD-2005-1090

Malware in sbrugna...

EUVD-2020-13526

Malware in sbrugna...

EUVD-2021-13778

Malware in sbrugna...

EUVD-2005-1089

Malware in sbrugna...

EUVD-2013-1853

Malware in sbrugna...

EUVD-2017-7104

Malware in sbrugna...

EUVD-2017-7107

Malware in sbrugna...

EUVD-2021-15220

Malware in sbrugna...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

RHEL 7 : httpd (RHSA-2025:14998)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14998 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP Session Hijack via ...

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...