Astra Linux – Vulnerability in Apache2

In the Apache HTTP Server with modproxy loaded, SSRF allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires a unusual configuration, where modheaders is used to modify the Content-Type header of the request or response, with a value provided in the...

BIT-APACHE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

SUSE CVE-2026-43951

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

EUVD-2026-35093

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

CVE-2026-43951

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

CVE-2026-43951

CVE-2026-43951 : Out-of-bounds read in Apache HTTP Server affecting mod_headers and mod_mime across multiple response languages. Affected versions: 2.4.0–2.4.67. The vulnerability is described in enrichment as an out-of-bounds read in the merge_response_headers path, which can lead to a crash. No...

CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

CVE-2026-43951

Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

Apache HTTP Server 缓冲区错误漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server from 2.4.0 to 2.4.67 contained a buffer error vulnerability, whi...

PT-2026-47321

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description An out-of-bounds read occurs when using mod headers and mod mime in conjunction with multiple response languages. An out-of-bounds read is a condition where a program reads data past...

Fedora 42 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-0b8cc86e5b)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-0b8cc86e5b advisory. nginx-mod-fancyindex: - Rebuild for 1.28.2 nginx-mod-headers-more: - Rebuild for 1.28.2 nginx-mod-brotli: - Rebuild for 1.28.2 nginx-mod-modsecurity: - Rebui...

[SECURITY] Fedora 42 Update: nginx-mod-headers-more-0.39-4.fc42

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

K000152924: Apache HTTP Server vulnerability CVE-2024-43204

Security Advisory Description SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a valu...

SUSE CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

UBUNTU-CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

PT-2025-29114

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.64 Description: An Server-Side Request Forgery SSRF issue exists in Apache HTTP Server when mod proxy is loaded. This allows an attacker to send outbound proxy requests to a URL controlled by the...

SUSE CVE-2013-5704

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...