MiracleLinux 7 : httpd-2.4.6-98.7.0.1.el7.AXS7 (AXSA:2023-5265:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5265:04 advisory. httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Tenable has extracted the preceding description block directly from the MiracleLinu...

MiracleLinux 7 : httpd24-httpd-2.4.34-22.el7.1 (AXSA:2021-2460:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2460:01 advisory. httpd: modproxy: SSRF via a crafted request uri-path containing unix: CVE-2021-40438 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : httpd24-httpd-2.4.25-9.el7 (AXSA:2017-1638:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1638:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2016-0736 RESERVED This...

MiracleLinux 4 : httpd24-httpd-2.4.34-7.AXS4.1 (AXSA:2019-3830:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3830:01 advisory. httpd: privilege escalation from modules scripts CVE-2019-0211 modauthmellon: authentication bypass in ECP flow CVE-2019-3878 Tenable has extracted...

MiracleLinux 7 : httpd-2.4.6-67.5.0.1.el7.AXS7 (AXSA:2017-2357:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2357:03 advisory. A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htacce...

MiracleLinux 7 : httpd-2.4.6-90.0.1.el7.AXS7 (AXSA:2019-4324:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4324:03 advisory. httpd: modauthdigest: access control bypass due to race condition CVE-2019-0217 httpd: URL normalization inconsistency CVE-2019-0220 Tenable has...

MiracleLinux 7 : httpd-2.4.6-99.1.0.9.el7.AXS7 (AXSA:2025-10586:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10586:06 advisory. CVE-2014-8109: modlua: fix LuaAuthzProvider argument handling issue CVE-2019-10092: modproxy: fix limited cross-site scripting in modproxy error pa...

RHEL 10 : httpd (RHSA-2026:0171)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0171 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: Serv...

RHEL 9 : httpd (RHSA-2026:0141)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0141 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: Serve...

CVE-2025-15255 Tenda W6-S R7websSsecurityHandler httpd stack-based overflow

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

CLSA-2025-1767027096 httpd: Fix of CVE-2025-58098

CVE-2025-58098: prevent SSI args from being passed to CGI scripts...

EUVD-2025-203927

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serviceName to /goform/AdvSetMacMtuWan...

CVE-2025-67074

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serverName to /goform/AdvSetMacMtuWan...

CVE-2025-67073

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serviceName to /goform/AdvSetMacMtuWan...

CVE-2025-67074

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serverName to /goform/AdvSetMacMtuWan...

CVE-2025-14654

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2025-14655 Tenda AC20 httpd SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow

A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possibl...

CVE-2025-14654

CVE-2025-14654 affects Tenda AC20 firmware version 16.03.08.12. The vulnerability resides in the httpd component, specifically the formSetPPTPUserList function in /goform/setPptpUserList, where manipulating the argument list causes a stack-based buffer overflow. It can be exploited remotely and p...

CVE-2025-60854

A vulnerability has been found in D-Link R15 AX1500 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd...

EUVD-2025-175299

An unauthenticated command injection vulnerability exists in the StartEPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wlant, wlssid, wlrate, ttcpnum, ttcpip, ttcpsize are concatenated in...