Astra Linux - уязвимость в apache2

Apache HTTP Server versions 2.4.39 to 2.4.46: unexpected matching behavior with "MergeSlashes OFF"...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the input.parsedpath field. An attacker can gain unauthorized access to protected resources by crafting HTTP requests with double slashes in the path, causing a mismatch between the path evaluated by...

MiracleLinux 8 : httpd:2.4 (AXSA:2021-2774:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2774:01 advisory. httpd: modsession: NULL pointer dereference when parsing Cookie header CVE-2021-26690 httpd: Unexpected URL matching with 'MergeSlashes OFF'...

MiracleLinux 8 : httpd:2.4 (AXSA:2021-2541:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2541:01 advisory. httpd: modsession: NULL pointer dereference when parsing Cookie header CVE-2021-26690 httpd: Unexpected URL matching with 'MergeSlashes OFF'...

EUVD-2025-201394

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

DEBIAN-CVE-2025-59775

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

CVE-2025-59775

CVE-2025-59775 : SSRF in Apache HTTP Server on Windows when AllowEncodedSlashes On and MergeSlashes Off can leak NTLM hashes to a malicious server. Affected: Apache HTTP Server (Windows). Root cause: SSRF via UNC/NTLM-related handling as described in multiple security bulletins. Remediation: upgr...

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...

CLSA-2022-1643747448 Fix of CVE: CVE-2021-26690, CVE-2021-30641, CVE-2021-40438

CVE-2021-40438: modproxy: SSRF via a crafted request uri-path - CVE-2021-30641: MergeSlashes regression - CVE-2021-26690: modsession NULL pointer dereference in parser...

httpd: Unexpected URL matching with 'MergeSlashes OFF'

A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity...

OESA-2021-1246 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflowCVE-2021-26691 Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhtt...

Unexpected URL matching with 'MergeSlashes OFF'

...

USN-4994-2 apache2 vulnerabilities

USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Antonio Morales discovered that the Apache modauthdigest module incorrectly handled certain Digest nonces. A remote attacker coul...

USN-4994-1 apache2 vulnerabilities

Marc Stern discovered that the Apache modproxyhttp module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2020-13950...

DEBIAN-CVE-2021-30641

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

ALPINE-CVE-2021-30641

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

AZL-6478 CVE-2021-30641 affecting package httpd for versions less than 2.4.46-10

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

PT-2021-3578 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.39 through 2.4.46 Description: The issue exists due to insufficient input validation in the Apache HTTP Server. Exploitation of this issue may allow a remote attacker to impact the integrity of protected...