httpd: Fix of 5 CVEs

CVE-2026-28780: modproxyajp 4-byte heap buffer overflow when contacting a malicious AJP backend off-by-AJPHEADERLEN check in ajpmsgcheckheader - CVE-2026-34059: modproxyajp heap over-read in ajpparsedata on short AJP replies - CVE-2026-33006: modauthdigest used non-constant-time strcmp for...

CLSA-2026-1779118679 Fix of 8 CVEs

SECURITY UPDATE: modproxyajp heap buffer over-read in ajpmsggetstring - debian/patches/CVE-2026-34032.patch: add buffer checks in modules/proxy/ajpmsg.c. - CVE-2026-34032 SECURITY UPDATE: AJP getter functions off-by-one out-of-bounds reads - debian/patches/CVE-2026-33857.patch: fix length checks ...

Apache HTTP Server: mod_auth_digest timing attack

...

KLA91019 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, inject malicious code, gain privileges. Below is a complete list of...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7

An update is now available for JBoss Core Services on RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

USN-3370-1 apache2 vulnerability

Robert Święcki discovered that the Apache HTTP Server modauthdigest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial or service, or possibly obtain sensitive information...

httpd: DoS vulnerability in mod_auth_digest

It was discovered that the modauthdigest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication...

USN-3279-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache modsessioncrypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. CVE-2016-0736 Maksim Malyutin discovered that the Apache modauthdigest module incorrectly...