Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Apache HTTP Server — Vulnerabilities & Security Advisories 133

All 133 CVE vulnerabilities found in Apache HTTP Server, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of Common Weakness Enumeration (CWE) vulnerabilities associated with the Apache HTTP Server product developed by the Apache Software Foundation. It serves as a centralized repository for security researchers, system administrators, and developers to analyze the historical and current security posture of this widely deployed web server software. The content collected here encompasses a broad spectrum of vulnerability types, including buffer overflows, cross-site scripting, denial-of-service conditions, and privilege escalation flaws that have been identified within various versions of the Apache HTTP Server. The data spans multiple years, capturing both recently disclosed issues and legacy weaknesses that may still impact older, unpatched deployments across global infrastructure. Readers can utilize this resource to track vendor security advisories and understand the evolution of specific weakness classes within the context of this particular technology stack. By examining the vulnerability history, users can assess the risk landscape, identify patterns in reported flaws, and determine appropriate mitigation strategies or patching priorities. This aggregation aims to provide a clear, structured view of the security challenges inherent in the Apache HTTP Server ecosystem, facilitating better decision-making for maintaining secure and resilient web environments without requiring extensive manual research across disparate sources.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service CWE-789--2026-06-08
CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted CWE-416--2026-06-08
CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow CWE-122--2026-06-08
CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request` CWE-126--2026-06-08
CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow CWE-122--2026-06-08
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow CWE-124--2026-06-08
CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules CWE-269--2026-06-08
CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash CWE-125--2026-06-08
CVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access CWE-668--2026-06-08
CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow CWE-122--2026-06-08
CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp CWE-835--2026-06-08
CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS CWE-79--2026-06-08
CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free CWE-416--2026-06-08
CVE-2026-28780 Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() CWE-122 9.8 -2026-05-05
CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response CWE-770 7.5 -2026-05-05
CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash CWE-476 7.5 -2026-05-04
CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset CWE-415 9.8 -2026-05-04
CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack CWE-208 8.1 -2026-05-04
CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash CWE-476 7.5 -2026-05-04
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line CWE-443 7.5 -2026-05-04
CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions CWE-125 7.5 -2026-05-04
CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) CWE-170 9.1 -2026-05-04
CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() CWE-126 7.5 -2026-05-04
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr CWE-269 5.5 -2026-05-04
CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... CWE-201 8.1 -2025-12-05
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo 8.3 -2025-12-05
CVE-2025-65082 Apache HTTP Server: CGI environment variable override CWE-150 7.5 -2025-12-05
CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF CWE-918 5.3 -2025-12-05
CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals CWE-190--2025-12-05
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 CWE-253 7.5 -2025-07-23

All 133 known CVE vulnerabilities affecting Apache HTTP Server with full Chinese analysis, references, and POCs where available.