Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987458)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987458 advisory. SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely...

Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987452)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987452 advisory. HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied b...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1183)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1183 advisory. A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are recommended to upgrade to version 2.4.65, which fixes the issue. CVE-2025-54090 Tenable has...

K000152924: Apache HTTP Server vulnerability CVE-2024-43204

Security Advisory Description SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a valu...

Azure Linux 3.0 Security Update: httpd (CVE-2025-54090)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-54090 advisory. - A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are...

BIT-APACHE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

Apache HTTP Server 2.4.64 RewriteCond Vulnerability - Linux

Apache HTTP Server is prone to a vulnerability in SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

Apache 2.4.64 RewriteCond expr Vulnerability

According to its banner, the version of Apache running on the remote host is 2.4.64. It is, therefore, affected by a bug which results in all "RewriteCond expr ..." tests evaluating as "true". Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVE-2025-54090

A logic flaw has been discovered in Apache HTTP Server version 2.4.64. This vulnerability causes RewriteCond expr directives to always evaluate as true, regardless of the actual condition. This could lead to unintended routing, access control bypasses, or other security policy violations if an...

ALPINE-CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

Apache httpd -- evaluation always true

The Apache httpd project reports: 'RewriteCond expr' always evaluates to true in 2.4.64...

OPENSUSE-SU-2025:15360-1 apache2-2.4.64-1.1 on GA media

These are all security issues fixed in the apache2-2.4.64-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2025-49630 affecting package httpd for versions less than 2.4.64-1

CVE-2025-49630 affecting package httpd for versions less than 2.4.64-1. An upgraded version of the package is available that resolves this issue...

DEBIAN-CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

AZL-65166 CVE-2024-42516 affecting package httpd for versions less than 2.4.64-1

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

UBUNTU-CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

SUSE CVE-2025-49812

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...