CVE-2025-53020
- EPSS 4.41%
- Veröffentlicht 10.07.2025 16:59:06
- Zuletzt bearbeitet 04.11.2025 22:16:21
Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.
CVE-2025-49812
- EPSS 0.52%
- Veröffentlicht 10.07.2025 16:58:23
- Zuletzt bearbeitet 04.11.2025 22:16:18
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enab...
CVE-2025-49630
- EPSS 1.15%
- Veröffentlicht 10.07.2025 16:57:40
- Zuletzt bearbeitet 04.11.2025 22:16:18
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is co...
CVE-2025-23048
- EPSS 0.97%
- Veröffentlicht 10.07.2025 16:56:53
- Zuletzt bearbeitet 04.11.2025 22:16:06
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual host...
CVE-2024-43394
- EPSS 1.09%
- Veröffentlicht 10.07.2025 16:56:07
- Zuletzt bearbeitet 04.11.2025 22:16:03
Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from ...
CVE-2024-47252
- EPSS 0.67%
- Veröffentlicht 10.07.2025 16:55:20
- Zuletzt bearbeitet 04.11.2025 22:16:04
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used ...
CVE-2024-43204
- EPSS 0.77%
- Veröffentlicht 10.07.2025 16:54:15
- Zuletzt bearbeitet 04.11.2025 22:16:03
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or respons...
CVE-2024-42516
- EPSS 0.68%
- Veröffentlicht 10.07.2025 16:53:13
- Zuletzt bearbeitet 04.11.2025 22:16:02
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-20...
CVE-2024-39884
- EPSS 0.89%
- Veröffentlicht 04.07.2024 09:15:04
- Zuletzt bearbeitet 01.07.2025 20:27:13
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source ...
CVE-2024-39573
- EPSS 35.45%
- Veröffentlicht 01.07.2024 19:15:05
- Zuletzt bearbeitet 03.11.2025 22:17:06
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.