Solutions pour:
Particuliers
Petites entreprises
Moyennes entreprises
Grandes entreprises
Vulnérabilités Menaces
Accueil Vulnérabilités

Multiple vulnerabilities in Apache HTTP Server

Kaspersky ID:
KLA91019
Date de la détection:
05/04/2026
Mis à jour:
05/06/2026

Description

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code, inject malicious code, gain privileges.

Below is a complete list of vulnerabilities:

  1. Buffer Over-read vulnerability in Apache HTTP Server can be exploited to cause denial of service.
  2. Throttling vulnerability in mod_md can be exploited to cause denial of service.
  3. Out-of-bounds Read vulnerability in mod_proxy_ajp can be exploited to obtain sensitive information
  4. A timing attack against mod_auth_digest can be exploited to bypass security restrictions
  5. Double Free and RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol can be exploited remotely to execute arbitrary code
  6. Improper Null Termination, Out-of-bounds Read vulnerability can be exploited to obtain sensitive information
  7. HTTP response splitting vulnerability can be exploited to inject content into http response
  8. An escalation of privilege vulnerability can be exploited remotely to escalate privileges and obtain sensitive information
  9. A NULL pointer dereference vulnerability in the mod_authn_socache can be exploited to cause denial of service
  10. Heap-based Buffer Overflow vulnerability in mod_proxy_ajp can be exploited remotely to execute arbitrary code and cause denial of service
  11. A NULL pointer dereference in mod_dav_lock can be exploited to cause denial of service

Fiches de renseignement originales

Exploitation

Public exploits exist for this vulnerability.

Liste CVE

  • CVE-2026-24072
    critical
  • CVE-2026-34059
    critical
  • CVE-2026-33857
    high
  • CVE-2026-34032
    high
  • CVE-2026-23918
    critical
  • CVE-2026-29169
    critical
  • CVE-2026-33006
    warning
  • CVE-2026-33007
    high
  • CVE-2026-33523
    high
  • CVE-2026-29168
    high
  • CVE-2026-28780
    unknown

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com

Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ? Faites-le nous savoir !
Kaspersky IT Security Calculator:
Calculez le profil de sécurité de votre entreprise
Apprendre encore plus
Kaspersky!
Votre vie en ligne mérite une protection complète!
Apprendre encore plus
Related articles
06 May 2026
Securelist
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
06 May 2026
Securelist
Websites with an undefined trust level: avoiding the trap
04 May 2026
Securelist
“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security
30 April 2026
Securelist
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
24 April 2026
Securelist
PhantomRPC: A new privilege escalation technique in Windows RPC
20 April 2026
Securelist
FakeWallet crypto stealer spreading through iOS apps in the App Store
Vous avez trouvé une inexactitude dans la description de cette vulnérabilité ?
Si vous avez découvert une nouvelle menace ou vulnérabilité, veuillez nous en informer par e-mail :
newvirus@kaspersky.com
Vous avez découvert une nouvelle menace ou vulnérabilité ?
Si vous avez découvert une nouvelle menace ou vulnérabilité, veuillez nous en informer par e-mail :
newvirus@kaspersky.com
Solutions pour
Particuliers
Petites entreprises
Moyennes entreprises
Grandes entreprises
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnérabilité
Detect date
Sévérité
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.