CVE-2025-53020
- EPSS 4.41%
- Veröffentlicht 10.07.2025 16:59:06
- Zuletzt bearbeitet 04.11.2025 22:16:21
Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.
CVE-2025-49812
- EPSS 0.52%
- Veröffentlicht 10.07.2025 16:58:23
- Zuletzt bearbeitet 04.11.2025 22:16:18
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enab...
CVE-2025-49630
- EPSS 1.15%
- Veröffentlicht 10.07.2025 16:57:40
- Zuletzt bearbeitet 04.11.2025 22:16:18
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is co...
CVE-2025-23048
- EPSS 0.97%
- Veröffentlicht 10.07.2025 16:56:53
- Zuletzt bearbeitet 04.11.2025 22:16:06
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual host...
CVE-2024-43394
- EPSS 1.09%
- Veröffentlicht 10.07.2025 16:56:07
- Zuletzt bearbeitet 04.11.2025 22:16:03
Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from ...
CVE-2024-47252
- EPSS 0.67%
- Veröffentlicht 10.07.2025 16:55:20
- Zuletzt bearbeitet 04.11.2025 22:16:04
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used ...
CVE-2024-43204
- EPSS 0.77%
- Veröffentlicht 10.07.2025 16:54:15
- Zuletzt bearbeitet 04.11.2025 22:16:03
SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or respons...
CVE-2024-42516
- EPSS 0.68%
- Veröffentlicht 10.07.2025 16:53:13
- Zuletzt bearbeitet 04.11.2025 22:16:02
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-20...
CVE-2025-3891
- EPSS 1.21%
- Veröffentlicht 29.04.2025 11:56:50
- Zuletzt bearbeitet 29.06.2026 21:16:36
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes c...
CVE-2024-40898
- EPSS 1.54%
- Veröffentlicht 18.07.2024 10:15:03
- Zuletzt bearbeitet 21.11.2024 09:31:48
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.