Updated apache packages fix security vulnerabilities

http2: double free and possible RCE on early reset. CVE-2026-23918 modrewrite elevation of privileges via apexpr. CVE-2026-24072 buffer overflow in modproxyajp via ajpmsgcheckheader. CVE-2026-28780 modmd unrestricted OCSP response. CVE-2026-29168 moddavlock indirect lock crash. CVE-2026-29169...

CVE-2026-29169

A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request. Mitigation Disabling moddavlock and restarting httpd will mitigate this flaw...

Apache HTTP Server: mod_dav_lock indirect lock crash

...

PT-2026-37663

A NULL pointer dereference in mod dav lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod dav lock is not used internally by mod dav or mod dav fs. The only known use-case for mod dav lock was mod dav svn from Apache Subversion...

SUSE CVE-2026-29169

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

ALPINE-CVE-2026-29169

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

CVE-2026-29169

A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...

CVE-2026-29169

CVE-2026-29169 : A NULL pointer dereference in mod_dav_lock of Apache HTTP Server 2.4.66 and earlier can crash the server when handling a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs; the only known use-case was with mod_dav_svn from Apache Subversion (earlier t...

Apache HTTP Server 代码问题漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server 2.4.66 and earlier have code vulnerabilities due to a null point...

MiracleLinux 8 : subversion:1.10 (AXSA:2022-3786:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3786:01 advisory. subversion: Subversion's moddavsvn is vulnerable to memory corruption CVE-2022-24070 Tenable has extracted the preceding description block directly from the...

CLSA-2025-1756489732 subversion: Fix of CVE-2024-46901

CVE-2024-46901: fix moddavsvn denial-of-service via control characters in paths...

CLSA-2025-1756409018 subversion: Fix of CVE-2024-46901

CVE-2024-46901: fix moddavsvn denial-of-service via control characters in paths...

CLSA-2025-1755074254 subversion: Fix of CVE-2024-46901

CVE-2024-46901: fix moddavsvn denial-of-service via control characters in paths...

CVE-2024-46901

A flaw was found in Apache Subversion when serving repositories via moddavsvn. This issue may allow authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository via insufficient validation of filenames against control characters...

OESA-2024-2538 subversion security update

Subversion exists to be universally recognized and adopted as an open-source, centralized version control system characterized by its reliability as a safe haven for valuable data; the simplicity of its model and usage; and its ability to support the needs of a wide variety of users and projects,...

CVE-2024-46901

Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...

PT-2024-32272 · Apache +4 · Apache Subversion +4

Name of the Vulnerable Software and Affected Versions: Apache Subversion versions prior to 1.14.5 Description: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod dav svn allows authenticated users with commit access to commit a corrupt...

CLSA-2023-1678136793 httpd: Fix of CVE-2006-20001

CVE-2006-20001: moddav: out-of-bounds read/write...

CLSA-2023-1678136294 httpd: Fix of 2 CVEs

CVE-2022-37436: modproxy: HTTP response splitting - CVE-2006-20001: moddav: out-of-bounds read/write...

httpd: mod_dav: out-of-bounds read/write of zero byte

A flaw was found in the moddav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service...