Detections
Analytics

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Apache HTTP Server vulnerabilities (USN-8239-1)

critical Nessus Plugin ID 313207

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8239-1 advisory.

 Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-23918)

 It was discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-24072)

 Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly handled certain AJP server messages. An attacker in control of a backend AJP server could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-28780)

 Pavel Kohout discovered that Apache HTTP Server did not properly limit resource allocation in mod_md when processing OCSP response data. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-29168)

 Pavel Kohout discovered that the Apache HTTP Server incorrectly handled certain memory operations in mod_dav_lock. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-29169)

 Nitescu Lucian discovered that Apache HTTP Server had a timing attack vulnerability in mod_auth_digest. A remote attacker could possibly use this issue to bypass Digest authentication. (CVE-2026-33006)

 Pavel Kohout and Arkadi Vainbrand discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_authn_socache. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-33007)

 Haruki Oyama, Merih Mengisteab, and Dawit Jeong discovered that Apache HTTP Server had an HTTP response splitting vulnerability in multiple modules when used with untrusted or compromised backend servers. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-33523)

 Elhanan Haenel discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_proxy_ajp. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-33857)

 Tianshuo Han and Jrme Djouder discovered that Apache HTTP Server incorrectly handled certain string operations in mod_proxy_ajp. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-34032)

 Elhanan Haenel discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_proxy_ajp. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2026-34059)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-8239-1

Plugin Details

Severity: Critical

ID: 313207

File Name: ubuntu_USN-8239-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 5/8/2026

Updated: 5/8/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-28780

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:25.10, p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:apache2-utils, p-cpe:/a:canonical:ubuntu_linux:apache2-bin, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi, p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev, p-cpe:/a:canonical:ubuntu_linux:apache2, p-cpe:/a:canonical:ubuntu_linux:apache2-data, p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:apache2-dev, cpe:/o:canonical:ubuntu_linux:26.04:-:lts

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/6/2026

Vulnerability Publication Date: 5/4/2026

Reference Information

CVE: CVE-2026-23918, CVE-2026-24072, CVE-2026-28780, CVE-2026-29168, CVE-2026-29169, CVE-2026-33006, CVE-2026-33007, CVE-2026-33523, CVE-2026-33857, CVE-2026-34032, CVE-2026-34059

IAVA: 2026-A-0423

USN: 8239-1