2 matches found
CVE-2025-59775
Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...
PT-2025-49180
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.30 through 2.4.65 Description An integer overflow occurs during failed ACME certificate renewal. After approximately 30 days of failures with default configurations, the backoff timer reaches zero. Subsequent...