AZL-65097 CVE-2025-49812 affecting package httpd for versions less than 2.4.64-1

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

AZL-65163 CVE-2025-23048 affecting package httpd for versions less than 2.4.64-1

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

AZL-65223 CVE-2025-23048 affecting package httpd for versions less than 2.4.64-1

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

UBUNTU-CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

CVE-2025-7206

A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub410DDC of the file switchlanguage.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated...

PT-2025-29192 · Tenda · Tenda O3V2

Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.123880 Description: A critical vulnerability exists in the Tenda O3V2 device. The vulnerability is located within the formWifiMacFilterSet function of the httpd component, specifically in the file...

CVE-2025-27452

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules pose a risk to the webserver which enable...

CVE-2025-27452

CVE-2025-27452 describes a misconfiguration in the Apache httpd server that serves Endress+Hauser MEAC300-FNADE4. The issue arises from activating modules that are not required for the FNADE4 web application, creating a risk of directory listing. The available connected sources confirm the vulner...

CVE-2025-27452 CVE-2025-27452

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules pose a risk to the webserver which enable...

PT-2025-27781 · Apache · Apache Httpd

Name of the Vulnerable Software and Affected Versions: Apache httpd affected versions not specified Description: The configuration of the Apache httpd webserver is partly insecure due to unnecessary activated modules. These modules pose a risk to the webserver, enabling directory listing...

mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled

A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...

CVE-2025-6931

A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generatepassfrommac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack...

CLSA-2025-1751271625 httpd: Fix of CVE-2020-35452

CVE-2020-35452: modauthdigest: Fix single zero byte stack overflow...

PT-2025-27421 · D Link · D-Link Di-7300G+

Name of the Vulnerable Software and Affected Versions: D-Link DI-7300G+ version 19.12.25A1 Description: A critical issue was found in the httpd debug.asp file, where the manipulation of the Time argument leads to os command injection. The exploit has been disclosed to the public and may be used...

undertow: AJP Request closes connection exceeding maxRequestSize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

Advisory ROSA-SA-2025-2900

Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-62.rv30 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries...

TencentOS Server 3: httpd:2.4 (TSSA-2024:0217)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0217 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: httpd:2.4/mod_http2 (TSSA-2024:0126)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0126 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CLSA-2025-1748638011 Update of httpd

ELS-1267: merge spec for centos7, rhel7 and oracle7...

CVE-2024-45415

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in checkdataintegrity function. This function is responsible for validating the checksum of data in post request. The checksum is sent encrypted in the request, the function decrypts it and stores the checksu...