Apache

HTTP Server

330 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.56%
  • Veröffentlicht 08.06.2026 15:11:12
  • Zuletzt bearbeitet 11.06.2026 04:01:39

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to...

  • EPSS 0.5%
  • Veröffentlicht 08.06.2026 15:10:09
  • Zuletzt bearbeitet 09.06.2026 16:21:31

A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to up...

  • EPSS 0.66%
  • Veröffentlicht 08.06.2026 15:07:59
  • Zuletzt bearbeitet 09.06.2026 16:29:16

Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Medienbericht
  • EPSS 1.33%
  • Veröffentlicht 05.05.2026 22:16:00
  • Zuletzt bearbeitet 09.07.2026 13:16:54

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled by...

Medienbericht
  • EPSS 0.63%
  • Veröffentlicht 05.05.2026 14:16:08
  • Zuletzt bearbeitet 06.05.2026 18:39:20

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's  mod_md via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which ...

Medienbericht
  • EPSS 0.59%
  • Veröffentlicht 04.05.2026 14:48:29
  • Zuletzt bearbeitet 05.05.2026 21:16:21

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_...

Medienbericht
  • EPSS 49.73%
  • Veröffentlicht 04.05.2026 14:44:28
  • Zuletzt bearbeitet 30.06.2026 03:17:35

Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Medienbericht
  • EPSS 0.56%
  • Veröffentlicht 04.05.2026 14:42:03
  • Zuletzt bearbeitet 04.05.2026 20:23:31

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Medienbericht
  • EPSS 0.51%
  • Veröffentlicht 04.05.2026 14:41:27
  • Zuletzt bearbeitet 04.05.2026 20:22:13

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67,...

Medienbericht
  • EPSS 0.44%
  • Veröffentlicht 04.05.2026 14:40:41
  • Zuletzt bearbeitet 04.05.2026 20:21:15

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes ...