Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : Apache HTTP Server vulnerabilities (USN-8516-1)

critical Nessus Plugin ID 325960

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8516-1 advisory.

It was discovered that Apache HTTP Server's mod_ldap module incorrectly handled memory when processing per-directory configurations. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-29167)

It was discovered that Apache HTTP Server's mod_proxy_ftp module incorrectly handled HTML generation for FTP directory listings. A remote attacker could possibly use this issue to inject arbitrary web script or HTML. (CVE-2026-29170)

It was discovered that Apache HTTP Server's mod_proxy_html module incorrectly handled certain content from an untrusted backend. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-34355)

It was discovered that Apache HTTP Server incorrectly handled ProxyPassReverseCookie directives with a malicious backend server. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-34356)

It was discovered that Apache HTTP Server's mod_dav_fs module incorrectly handled certain path operations.
An authenticated user could possibly use this issue to manipulate trusted WebDAV property databases or cause a denial of service. (CVE-2026-42535)

It was discovered that Apache HTTP Server's mod_xml2enc module incorrectly handled certain content from an untrusted backend. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-42536)

It was discovered that Apache HTTP Server incorrectly handled response headers when multiple content languages were configured. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-43951)

It was discovered that Apache HTTP Server incorrectly restricted certain file functions in expressions within .htaccess files. A local attacker with .htaccess write access could possibly use this issue to obtain sensitive information. (CVE-2026-44119)

It was discovered that Apache HTTP Server's mod_ssl module incorrectly handled OCSP responses from an attacker-controlled server. A remote attacker could possibly use this issue to obtain sensitive information or cause a denial of service. (CVE-2026-44185)

It was discovered that Apache HTTP Server's mod_proxy_ftp module incorrectly handled responses from an attacker-controlled backend FTP server. A remote attacker could possibly use this issue to cause Apache HTTP Server to stop responding, resulting in a denial of service. (CVE-2026-44186)

It was discovered that Apache HTTP Server incorrectly handled crafted regular expressions in the server configuration. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2026-44631)

It was discovered that Apache HTTP Server's mod_http2 module had a use-after-free vulnerability when file handles were exhausted. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-48913)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-8516-1

Plugin Details

Severity: Critical

ID: 325960

File Name: ubuntu_USN-8516-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 7/9/2026

Updated: 7/9/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.7

Percentile: 99.06

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-29167

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-44631

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:apache2-utils, p-cpe:/a:canonical:ubuntu_linux:apache2-bin, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi, p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev, p-cpe:/a:canonical:ubuntu_linux:apache2, p-cpe:/a:canonical:ubuntu_linux:apache2-data, p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom, p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:apache2-dev, cpe:/o:canonical:ubuntu_linux:26.04:-:lts

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/8/2026

Vulnerability Publication Date: 6/8/2026

Reference Information

CVE: CVE-2026-29167, CVE-2026-29170, CVE-2026-34355, CVE-2026-34356, CVE-2026-42535, CVE-2026-42536, CVE-2026-43951, CVE-2026-44119, CVE-2026-44185, CVE-2026-44186, CVE-2026-44631, CVE-2026-48913

IAVA: 2026-A-0558

USN: 8516-1