Lucene search
+L

24 matches found

CVE
CVE
added 2026/05/05 9:29 p.m.598 views

CVE-2026-28780

CVE-2026-28780 is a heap-based buffer overflow in Apache HTTP Server’s mod_proxy_ajp (via ajp_msg_check_header()). Reports across Debian, FreeBSD/vuxml, Alpine, and NC SC advisories confirm impact on versions up to 2.4.66 and a fix in 2.4.67 . The issue allows memory corruption and can contribute...

9.8CVSS5.8AI score0.01376EPSS
CVE
CVE
added 2026/06/08 3:19 p.m.579 views

CVE-2026-44631

CVE-2026-44631 describes a Buffer Underwrite in the Apache HTTP Server when processing crafted regular expressions in its configuration. The issue affects Apache httpd from version 2.4.0 through 2.4.67. The advisory recommends upgrading to version 2.4.68, which contains the fix. The provided conn...

9.8CVSS5.4AI score0.00486EPSS
CVE
CVE
added 2026/06/08 3:7 p.m.459 views

CVE-2026-29167

CVE-2026-29167 is a Use After Free vulnerability in Apache HTTP Server when using mod_ldap in per-directory configuration. The issue affects Apache HTTP Server versions 2.4.0 through 2.4.67. The CVSS base score is 9.8 (Network, N), with high impact on confidentiality, integrity, and availability....

9.8CVSS5.4AI score0.00663EPSS
CVE
CVE
added 2026/06/08 3:26 p.m.420 views

CVE-2026-49975

The CVE-2026-49975 entry describes a memory-allocation vulnerability in Apache HTTP Server's mod_http2 that can cause a denial of service via malicious HTTP requests. Affected products/versions reported across sources include Apache httpd 2.4.17 through 2.4.67. The Debian security trackers confir...

7.5CVSS5.4AI score0.11471EPSS
CVE
CVE
added 2026/06/08 3:14 p.m.225 views

CVE-2026-42535

CVE-2026-42535 affects Apache httpd’s mod_dav_fs in versions 2.4.67 and earlier. A path handling issue lets a WebDAV content author directly manipulate trusted DAV property databases, with the practical impact described as potential child process crashes. The recommended remediation is upgrading ...

9.1CVSS5.4AI score0.00538EPSS
CVE
CVE
added 2026/05/04 2:42 p.m.213 views

CVE-2026-33006

The CVE-2026-33006 issue affects Apache HTTP Server 2.4.66 and its mod_auth_digest component. A timing-based flaw allows a remote attacker to bypass Digest authentication. The known remediation is upgrading to Apache HTTP Server 2.4.67, which fixes the vulnerability. The NVD entry documents a MED...

4.8CVSS5.8AI score0.00557EPSS
CVE
CVE
added 2026/05/04 12:54 p.m.195 views

CVE-2026-34032

CVE-2026-34032 is a vulnerability in Apache HTTP Server up to version 2.4.66, caused by a missing null-termination check in mod_proxy_ajp (ajp_msg_get_string) that leads to a heap buffer over-read. Affected product: Apache HTTP Server; vulnerable component: mod_proxy_ajp; root cause: missing null...

5.3CVSS5.8AI score0.00485EPSS
CVE
CVE
added 2026/06/08 3:11 p.m.181 views

CVE-2026-44186

CVE-2026-44186 affects Apache HTTP Server (mod_proxy_ftp). A loop with an unreachable exit condition can occur when handling an attacker-controlled backend FTP server, impacting 2.4.0 through 2.4.67. The issue’s remediation is to upgrade to Apache HTTP Server 2.4.68 or later. The provided connect...

7.3CVSS5.4AI score0.00562EPSS
CVE
CVE
added 2026/05/04 2:41 p.m.173 views

CVE-2026-33007

CVE-2026-33007 affects the Apache HTTP Server mod_authn_socache, where a NULL pointer dereference in 2.4.66 and earlier allows an unauthenticated remote user to crash a child process within a caching forward proxy configuration. The issue is resolved by upgrading to version 2.4.67. Unclear if in-...

5.3CVSS5.8AI score0.00514EPSS
CVE
CVE
added 2026/05/04 12:39 p.m.152 views

CVE-2026-34059

CVE-2026-34059 affects Apache HTTP Server up to version 2.4.66, with a vulnerability in the mod_proxy_ajp component: a heap over-read in the ajp_parse_data() path that can lead to memory disclosure. The public description in multiple sources confirms the issue and the recommended mitigation is to...

7.5CVSS5.8AI score0.00394EPSS
CVE
CVE
added 2026/05/04 1:7 p.m.151 views

CVE-2026-33857

CVE-2026-33857 concerns the Apache HTTP Server, specifically the mod_proxy_ajp component, with an out-of-bounds read in AJP getter functions affecting versions up to 2.4.66. Upgrading to version 2.4.67 is the documented fix. The available connected sources confirm the affected product, the vulner...

5.3CVSS5.8AI score0.00393EPSS
CVE
CVE
added 2026/05/05 1:10 p.m.129 views

CVE-2026-29168

CVE-2026-29168 affects Apache HTTP Server’s mod_md and is due to an Allocation of Resources Without Limits or Throttling via OCSP response data. Affected are Apache httpd versions 2.4.30 through 2.4.66; upgrading to 2.4.67 fixes the issue. The vulnerability description consistently notes this as ...

7.3CVSS5.8AI score0.00628EPSS
CVE
CVE
added 2026/05/04 12:37 p.m.125 views

CVE-2026-24072

CVE-2026-24072 is an escalation-of-privilege issue in Apache HTTP Server up to version 2.4.66, where local ".htaccess" authors can read files with the privileges of the httpd user due to a vulnerability in various modules (notably via the ap_expr/mod_rewrite path). The fixed version is 2.4.67. Pr...

8.8CVSS5.8AI score0.00654EPSS
CVE
CVE
added 2026/06/08 3:10 p.m.121 views

CVE-2026-29170

CVE-2026-29170 describes a cross-site scripting (XSS) vulnerability in Apache HTTP Server 2.4.67 and earlier, affecting mod_proxy_ftp during HTML directory list generation when listing FTP directory contents via forward or reverse proxy configurations. The vulnerability arises in the HTML directo...

6.1CVSS5.2AI score0.00504EPSS
CVE
CVE
added 2026/06/08 3:23 p.m.107 views

CVE-2026-42536

Summary (CVE-2026-42536) : A heap-based buffer overflow in Apache HTTP Server affects 2.4.0–2.4.67 through the mod_xml2enc component (and related parsing of untrusted content via xml2StartParse). The issue is resolved by upgrading to Apache HTTP Server 2.4.68. The payload vector involves processi...

7.5CVSS5.4AI score0.00827EPSS
CVE
CVE
added 2026/05/04 2:44 p.m.104 views

CVE-2026-23918

CVE-2026-23918 is a vulnerability in Apache HTTP Server affecting version 2.4.66 with the HTTP/2 protocol, described as a double free and possible remote code execution. The issue may impact confidentiality, integrity, and availability (per the CVSS 3.1 metrics: base score 8.8, high impact). Reme...

8.8CVSS5.8AI score0.4581EPSS
CVE
CVE
added 2026/06/08 3:17 p.m.104 views

CVE-2026-44119

Summary: CVE-2026-44119 is an Apache HTTP Server vulnerability described as improper privilege management that allows local .htaccess authors to read files with httpd user privileges. Affected versions are Apache HTTP Server 2.4.67 and earlier; the issue is fixed in 2.4.68. This aligns with multi...

5.5CVSS5.4AI score0.00171EPSS
CVE
CVE
added 2026/06/08 3:24 p.m.91 views

CVE-2026-48913

This CVE (CVE-2026-48913) concerns Apache HTTP Server’s mod_http2 component. The reported issue is a Use After Free vulnerability when file handles are exhausted, affecting Apache HTTP Server versions 2.4.55–2.4.67. The description and connected sources consistently cite memory- or resource-relat...

7.3CVSS5.5AI score0.00479EPSS
CVE
CVE
added 2026/06/08 3:16 p.m.85 views

CVE-2026-43951

CVE-2026-43951 : Out-of-bounds read in Apache HTTP Server affecting mod_headers and mod_mime across multiple response languages. Affected versions: 2.4.0–2.4.67. The vulnerability is described in enrichment as an out-of-bounds read in the merge_response_headers path, which can lead to a crash. No...

6.5CVSS5.5AI score0.00525EPSS
CVE
CVE
added 2026/05/04 2:48 p.m.83 views

CVE-2026-29169

CVE-2026-29169 : A NULL pointer dereference in mod_dav_lock of Apache HTTP Server 2.4.66 and earlier can crash the server when handling a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs; the only known use-case was with mod_dav_svn from Apache Subversion (earlier t...

7.5CVSS5.8AI score0.00594EPSS
CVE
CVE
added 2026/06/08 3:20 p.m.82 views

CVE-2026-34355

CVE-2026-34355 : A buffer overflow in Apache HTTP Server’s mod_proxy_html (affecting 2.4.67 and earlier) can be exploited by an untrusted backend. The advisory indicates that upgrading to 2.4.68 fixes the issue. Documented impact is a network‑accessible overflow with high severity (CVSS v3.1: 7.5...

7.5CVSS5.7AI score0.00937EPSS
CVE
CVE
added 2026/06/08 3:22 p.m.73 views

CVE-2026-44185

CVE-2026-44185 describes a buffer over-read in Apache HTTP Server when handling outbound OCSP requests to an attacker-controlled OCSP server. Affected versions are 2.4.0 through 2.4.67. The vulnerability is associated with the OCSP handling path (mod_ssl OCSP send_request) and can enable an attac...

7.3CVSS5.4AI score0.00598EPSS
CVE
CVE
added 2026/05/04 2:40 p.m.65 views

CVE-2026-33523

CVE-2026-33523 describes an HTTP response splitting vulnerability in multiple Apache HTTP Server modules when backends are untrusted or compromised. Affected product: Apache HTTP Server up to version 2.4.66. The issue is resolved by upgrading to version 2.4.67. The provided documents do not inclu...

6.5CVSS5.8AI score0.00436EPSS
CVE
CVE
added 2026/06/08 3:12 p.m.42 views

CVE-2026-34356

CVE-2026-34356 is a heap-based buffer overflow in Apache HTTP Server (affecting 2.4.0–2.4.67) involving malicious backend servers and ProxyPassReverseCookie. The issue could allow a crash or similar impact (per CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; base score 7.5). Fixed by upgrading to...

7.5CVSS5.4AI score0.00682EPSS