5772 matches found
CVE-2026-33006 affecting package httpd for versions less than 2.4.67-1
CVE-2026-33006 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-23918 affecting package httpd for versions less than 2.4.67-1
CVE-2026-23918 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-29168 affecting package httpd for versions less than 2.4.67-1
CVE-2026-29168 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-34032 affecting package httpd for versions less than 2.4.67-1
CVE-2026-34032 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...
CLSA-2026-1779129849 httpd: Fix of CVE-2026-28780
CVE-2026-28780: modproxyajp: heap-based buffer overflow in ajpmsgcheckheader — message size check did not subtract AJPHEADERLEN, letting a crafted AJP reply write 4 bytes past the end of the heap buffer...
CLSA-2026-1779091399 httpd: Fix of 8 CVEs
CVE-2026-24072: modrewrite/modsetenvif: use APEXPRFLAGRESTRICTED in htaccess to prevent reading server-side files via apexpr from .htaccess - CVE-2026-29169: moddavlock: NULL pointer dereference in davgenericrefreshlocks use dpscan instead of dp - CVE-2026-33006: modauthdigest: timing attack —...
Security Bulletin: Erlang OTP inets httpd Vulnerable to HTTP Request Smuggling via Duplicate Content-Length Headers
Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...
CLSA-2026-1778847162 httpd: Fix of CVE-2026-28780
CVE-2026-28780: heap-based buffer overflow in ajpmsgcheckheader in modproxyajp when proxying to a malicious AJP backend that returns an oversized response, allowing a 4-byte out-of-bounds write past the heap buffer...
CLSA-2026-1778789568 httpd: Fix of CVE-2022-36760
CVE-2022-36760: modproxyajp: fix possible request smuggling via invalid Transfer-Encoding...
Security Bulletin: Erlang OTP inets httpd HTTP Request Smuggling via Duplicate Content-Length Handling
Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...
Photon OS 4.0: Httpd PHSA-2026-4.0-1014
An update of the httpd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1014. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
EUVD-2026-29966
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-39455
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: httpd: httpd-2.4.67-1.hum1 aarch64, x8664 httpd-core-2.4.67-1.hum1 aarch64, x8664 httpd-devel-2.4.67-1.hum1 aarch64, x8664 httpd-filesystem-2.4.67-1.hum1 noarch httpd-manual-2.4.67-1.hum1 noarch...
CVE-2026-39455
CVE-2026-39455 affects the BIG-IP Configuration utility when LDAP authentication is used. Undisclosed traffic can cause the httpd process to exhaust file descriptors, leading to a denial‑of‑service where the Configuration utility stops responding until httpd is restarted. Exploitation: remote, un...
CVE-2026-39455 BIG-IP Configuration utility vulnerability
When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2026-40435
CVE-2026-40435 affects F5 BIG-IP httpd access control. When IP-based restrictions are configured, they do not cover all endpoints, potentially allowing connections from blocked addresses to the control plane HTTP services. Impact is a control-plane issue; exploitation requires valid credentials t...
CVE-2026-40435 BIG-IP httpd access control vulnerability
When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000156604: BIG-IP httpd access control vulnerability CVE-2026-40435
Security Advisory Description When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. CVE-2026-40435 Impact This vulnerability allows an attacker to connect to the BIG-IP control plane HTTP services; however, the...
K000160874: BIG-IP Configuration utility vulnerability CVE-2026-39455
Security Advisory Description When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. CVE-2026-39455 Impact The Configuration utility stops...