Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Apache HTTP Server — Vulnerabilities & Security Advisories 133

All 133 CVE vulnerabilities found in Apache HTTP Server, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known security vulnerabilities affecting the Apache HTTP Server, focusing on various weakness types and associated tags such as cross-site scripting, buffer overflows, and configuration errors. It collects data on critical, high, medium, and low severity issues reported by vendors, researchers, and the community, covering a comprehensive time range from initial disclosures up to the present day. By reviewing this collection, users can effectively track vendor advisories related to the Apache project, gain a deeper understanding of specific weakness classes that impact web server infrastructure, and look up the detailed vulnerability history of this widely deployed software. This resource serves as a central reference point for security professionals, system administrators, and developers who need to assess the risk profile of Apache HTTP Server installations. The information presented helps in prioritizing patch management, configuring security controls, and staying informed about emerging threats. Understanding the breadth and depth of these vulnerabilities allows organizations to mitigate potential risks more effectively. This aggregation does not include specific CVE identifiers in the summary text but provides a structured overview of the types of flaws encountered. It aims to facilitate better security decision-making by presenting historical data and current trends in a clear, accessible format. The content is updated regularly to reflect the latest findings and remediation efforts within the open-source community.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service CWE-789--2026-06-08
CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted CWE-416--2026-06-08
CVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflow CWE-122--2026-06-08
CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request` CWE-126--2026-06-08
CVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflow CWE-122--2026-06-08
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow CWE-124--2026-06-08
CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules CWE-269--2026-06-08
CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash CWE-125--2026-06-08
CVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory access CWE-668--2026-06-08
CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow CWE-122--2026-06-08
CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp CWE-835--2026-06-08
CVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSS CWE-79--2026-06-08
CVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-free CWE-416--2026-06-08
CVE-2026-28780 Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() CWE-122 9.8 -2026-05-05
CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response CWE-770 7.5 -2026-05-05
CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash CWE-476 7.5 -2026-05-04
CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset CWE-415 9.8 -2026-05-04
CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack CWE-208 8.1 -2026-05-04
CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash CWE-476 7.5 -2026-05-04
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line CWE-443 7.5 -2026-05-04
CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions CWE-125 7.5 -2026-05-04
CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) CWE-170 9.1 -2026-05-04
CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() CWE-126 7.5 -2026-05-04
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr CWE-269 5.5 -2026-05-04
CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... CWE-201 8.1 -2025-12-05
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo 8.3 -2025-12-05
CVE-2025-65082 Apache HTTP Server: CGI environment variable override CWE-150 7.5 -2025-12-05
CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF CWE-918 5.3 -2025-12-05
CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals CWE-190--2025-12-05
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 CWE-253 7.5 -2025-07-23

All 133 known CVE vulnerabilities affecting Apache HTTP Server with full Chinese analysis, references, and POCs where available.