13 matches found
CLSA-2026-1777946314 httpd: Fix of 4 CVEs
CVE-2024-42516: fix HTTP response splitting in core via Content-Type response header headerfilter rewrite - CVE-2024-43204: prevent SSRF via modheaders RequestHeader set/edit Content-Type modifying response headers - CVE-2024-43394: expand UNC path checking with new apstatcheck helper Linux:...
Updated apache packages fix security vulnerabilities
HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1183)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1183 advisory. A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Tenable has...
Medium: httpd
Issue Overview: A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Affected Packages: httpd Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
FreeBSD : Apache httpd -- evaluation always true (fb08d146-752a-11f0-952c-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fb08d146-752a-11f0-952c-8447094a420f advisory. The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64. Tenable has...
Azure Linux 3.0 Security Update: httpd (CVE-2025-54090)
The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-54090 advisory. - A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are...
Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
...
SUSE CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
AZL-65654 CVE-2025-54090 affecting package httpd for versions less than 2.4.65-1
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
DEBIAN-CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
ALPINE-CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open source web server from the Apache Foundation USA. The server is fast, reliable, and extensible through a simple API. A security vulnerability exists in Apache HTTP Server version 2.4.64, which stems from a RewriteCond expression evaluation error that could cause all...
Apache httpd -- evaluation always true
The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64...