Apache

Apache Http Server

35 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-28780

Medienbericht
  • EPSS 0.09%
  • Veröffentlicht 05.05.2026 22:16:00
  • Zuletzt bearbeitet 06.05.2026 20:31:10

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled by...

7.3

CVE-2026-29168

Medienbericht
  • EPSS 0.08%
  • Veröffentlicht 05.05.2026 14:16:08
  • Zuletzt bearbeitet 06.05.2026 18:39:20

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which ...

7.5

CVE-2026-29169

Medienbericht
  • EPSS 0.39%
  • Veröffentlicht 04.05.2026 14:48:29
  • Zuletzt bearbeitet 05.05.2026 21:16:21

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_...

8.8

CVE-2026-23918

Medienbericht
  • EPSS 0.07%
  • Veröffentlicht 04.05.2026 14:44:28
  • Zuletzt bearbeitet 04.05.2026 20:24:58

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

4.8

CVE-2026-33006

Medienbericht
  • EPSS 0.13%
  • Veröffentlicht 04.05.2026 14:42:03
  • Zuletzt bearbeitet 04.05.2026 20:23:31

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

5.3

CVE-2026-33007

Medienbericht
  • EPSS 0.46%
  • Veröffentlicht 04.05.2026 14:41:27
  • Zuletzt bearbeitet 04.05.2026 20:22:13

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67,...

6.5

CVE-2026-33523

Medienbericht
  • EPSS 0.17%
  • Veröffentlicht 04.05.2026 14:40:41
  • Zuletzt bearbeitet 04.05.2026 20:21:15

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes ...

5.3

CVE-2026-33857

Medienbericht
  • EPSS 0.15%
  • Veröffentlicht 04.05.2026 13:07:30
  • Zuletzt bearbeitet 04.05.2026 20:26:20

Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

5.3

CVE-2026-34032

Medienbericht
  • EPSS 0.15%
  • Veröffentlicht 04.05.2026 12:54:54
  • Zuletzt bearbeitet 04.05.2026 20:25:47

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

7.5

CVE-2026-34059

Medienbericht
  • EPSS 0.09%
  • Veröffentlicht 04.05.2026 12:39:42
  • Zuletzt bearbeitet 04.05.2026 20:27:04

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.