Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Apache HTTP Server — Vulnerabilities & Security Advisories 120

All 120 CVE vulnerabilities found in Apache HTTP Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2026-28780 Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header() CWE-122 9.8 -2026-05-05
CVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP response CWE-770 7.5 -2026-05-05
CVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crash CWE-476 7.5 -2026-05-04
CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset CWE-415 9.8 -2026-05-04
CVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attack CWE-208 8.1 -2026-05-04
CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash CWE-476 7.5 -2026-05-04
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line CWE-443 7.5 -2026-05-04
CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions CWE-125 7.5 -2026-05-04
CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) CWE-170 9.1 -2026-05-04
CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() CWE-126 7.5 -2026-05-04
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr CWE-269 5.5 -2026-05-04
CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... CWE-201 8.1 -2025-12-05
CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo 8.3 -2025-12-05
CVE-2025-65082 Apache HTTP Server: CGI environment variable override CWE-150 7.5 -2025-12-05
CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF CWE-918 5.3 -2025-12-05
CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals CWE-190--2025-12-05
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 CWE-253 7.5 -2025-07-23
CVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase CWE-401 9.1 -2025-07-10
CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack CWE-287 7.4AIHighAI2025-07-10
CVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service CWE-617 7.5AIHighAI2025-07-10
CVE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption CWE-284 8.1AIHighAI2025-07-10
CVE-2024-43394 Apache HTTP Server: SSRF on Windows due to UNC paths CWE-918 7.5 -2025-07-10
CVE-2024-47252 Apache HTTP Server: mod_ssl error log variable escaping CWE-150 5.3AIMediumAI2025-07-10
CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header CWE-918 5.9AIMediumAI2025-07-10
CVE-2024-42516 Apache HTTP Server: HTTP response splitting CWE-20 5.3AIMediumAI2025-07-10
CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType CWE-668 7.5 -2024-07-18
CVE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows CWE-918 7.5AIHighAI2024-07-18
CVE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType 7.5 -2024-07-04
CVE-2024-39573 Apache HTTP Server: mod_rewrite proxy handler substitution CWE-20 9.3AICriticalAI2024-07-01
CVE-2024-38477 Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request CWE-476 7.5 -2024-07-01

All 120 known CVE vulnerabilities affecting Apache HTTP Server with full Chinese analysis, references, and POCs where available.