BIT-APACHE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

Important: httpd

Issue Overview: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

The vulnerability of the mod_rewrite function in the Apache HTTP Server allows attackers to execute arbitrary code.

The vulnerability of the modrewrite function in the Apache HTTP Server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

K15877: Apache vulnerability CVE-2013-1862

Security Advisory Description modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequen...

httpd: mod_rewrite allows terminal escape sequences to be written to the log file

modrewrite.c in the modrewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...

Debian DSA-021-1 : apache - insecure tempfile bug, broken mod_rewrite

WireX have found some occurrences of insecure opening of temporary files in htdigest and htpasswd. Both programs are not installed setuid or setgid and thus the impact should be minimal. The Apache group has released another security bugfix which fixes a vulnerability in modrewrite which may resu...

CVE-2001-1072

Apache with modrewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / slash characters into the requested path, which causes the regular expression in the RewriteRule to fail...

[SECURITY] [DSA 021-1] New version of Apache released

---------------------------------------------------------------------------- Debian Security Advisory DSA-021-1 [email protected] http://www.debian.org/security/ Martin Schulze January 26, 2001 - ---------------------------------------------------------------------------- Package : apache...

Дырка в Apache (mod_rewrite)

При использовании modrewrite если результат RewriteRul содержит шаблоны файлов, то атакующий может обратиться к любому файлу в системе...