87 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in apache2

Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL. This enables the attacker to execute code or disclose...

CVSS 9.1, AI score 7.6, EPSS 0.93858
Exploits: 1, References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in apache2

A potential vulnerability in mod_rewrite in the Apache HTTP Server 2.4.59 and earlier versions allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 7.5, AI score 6.7, EPSS 0.02584
Exploits: 0, References: 2
OSV
added 2026/05/18 3:38 p.m., 2 views

CLSA-2026-1779118679 Fix of 8 CVEs

SECURITY UPDATE: mod_proxy_ajp heap buffer over-read in ajp_msg_get_string - debian/patches/CVE-2026-34032.patch: add buffer checks in modules/proxy/ajp_msg.c. - CVE-2026-34032 SECURITY UPDATE: AJP getter functions off-by-one out-of-bounds reads - debian/patches/CVE-2026-33857.patch: fix length checks ...

CVSS 9.8, AI score 5.9, EPSS 0.00648
Exploits: 2, References: 1
GithubExploit
added 2026/05/05 6:48 p.m., 154 views

Exploit for Improper Privilege Management in Apache Http_Server

CVE-2026-24072: Apache HTTP Server mod_rewrite Privilege Escal...

CVSS 8.8, AI score 6, EPSS 0.00022
Exploits: 1
UbuntuCve
added 2026/05/05 12:0 a.m., 2 views

CVE-2026-24072

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS 8.8, AI score 5.8, EPSS 0.00022
Exploits: 1, References: 2
Cvelist
added 2026/05/04 12:37 p.m., 42 views

CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

EPSS 0.00022
Exploits: 1, References: 1
CVE
added 2026/05/04 12:37 p.m., 66 views

CVE-2026-24072

CVE-2026-24072 is an escalation-of-privilege issue in Apache HTTP Server up to version 2.4.66, where local ".htaccess" authors can read files with the privileges of the httpd user due to a vulnerability in various modules (notably via the ap_expr/mod_rewrite path). The fixed version is 2.4.67. Pr...

CVSS 8.8, AI score 5.8, EPSS 0.00022
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 8 : httpd:2.4 (AXSA:2024-8622:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8622:01 advisory. httpd: Encoding problem in mod_proxy CVE-2024-38473 httpd: Substitution encoding issue in mod_rewrite CVE-2024-38474 httpd: Improper escaping of outpu...

CVSS 9.8, AI score 5.6, EPSS 0.93858
Exploits: 2, References: 6
Tenable Nessus
added 2026/01/12 12:0 a.m., 6 views

Oracle Linux 7 : httpd (ELSA-2026-0075)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0075 advisory. - Fix CVE-2025-58098 Orabug: 38816066 - Fixed security update CVE-2024-47252 CVE-2025-49812 Orabug: 38378160 - Differentiate trusted sources Orabug:...

CVSS 9.8, AI score 7.7, EPSS 0.93858
Exploits: 7, References: 2
OSV
added 2025/10/20 2:2 p.m., 3 views

CLSA-2025-1760711358 Fix CVE(s): CVE-2024-38474, CVE-2024-38475

SECURITY UPDATE: mod_rewrite proxy handler substitution and prefix_stat vulnerabilities - debian/patches/CVE-2024-38474-38475-.patch: tighten up prefix_stat and %3f handling, add better question mark tracking to avoid UnsafeAllow3F - CVE-2024-38474, CVE-2024-38475...

CVSS 9.8, AI score 7.2, EPSS 0.93858
Exploits: 1, References: 1
Ubuntu
added 2025/08/13 2:57 p.m., 5 views

USN-6885-6: Apache HTTP Server regression

USN-6885-1 fixed vulnerabilities in Apache. The patch for CVE-2024-38474 was incomplete and caused a regression. This update provides the fix for this issue. Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. ...

AI score 7.7
Exploits: 0, References: 1
Tenable Nessus
added 2025/08/12 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-11985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker...

CVSS 5.3, AI score 6.6, EPSS 0.15318
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/12 12:0 a.m., 11 views

Debian dla-4270 : apache2 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4270 advisory. Debian LTS Advisory DLA-4270-1 ...

CVSS 9.1, AI score 7.2, EPSS 0.03545
Exploits: 2, References: 20
Tenable Nessus
added 2025/08/11 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2020-1927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and...

CVSS 6.1, AI score 6.7, EPSS 0.04949
Exploits: 0, References: 2
OSV
added 2025/07/21 10:18 a.m., 0 views

USN-6885-5 apache2 vulnerabilities

USN-6885-1 fixed vulnerabilities in Apache. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this iss...

CVSS 9.8, AI score 7.2, EPSS 0.93858
Exploits: 1, References: 3
OSV
added 2025/07/11 12:0 a.m., 1 views

UBUNTU-CVE-2024-43394

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...

CVSS 7.5, AI score 5.8, EPSS 0.00242
Exploits: 0, References: 4
OSV
added 2025/07/10 5:15 p.m., 1 views

ALPINE-CVE-2024-43394

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...

CVSS 7.5, AI score 7, EPSS 0.00242
Exploits: 0, References: 1
CNNVD
added 2025/07/10 12:0 a.m., 1 views

Apache HTTP Server code issue vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a server-side request forgery vulnerability that can be exploited by an attacker to disclose NTLM...

CVSS 7.5, AI score 6.5, EPSS 0.00242
Exploits: 0, References: 3
VulnCheck KEV
added 2025/04/29 12:0 a.m., 2 views

VulnCheck KEV: CVE-2024-38475

Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code...

CVSS 9.1, AI score 6.2, EPSS 0.93858
Exploits: 1, References: 1
OSV
added 2025/04/07 8:46 a.m., 2 views

USN-6885-4 apache2 regression

USN-6885-1 fixed a vulnerability in Apache. The patch for CVE-2024-38474 was incomplete and caused regressions. This update provides the fix for that issue. Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A...

CVSS 9.8, AI score 7, EPSS 0.01022
Exploits: 0, References: 2