Apache 2.4.x < 2.4.67 Multiple Vulnerabilities

critical Web App Scanning Plugin ID 115232

Language:

Synopsis

Description

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.67. It is, therefore, affected by multiple vulnerabilities:

- A Double Free and possible Remote Code Execution vulnerability exists in Apache HTTP Server when using the HTTP/2 protocol. (CVE-2026-23918)

- Local .htaccess authors can read files with the privileges of the httpd user through an elevation of privileges via ap_expr in mod_rewrite. (CVE-2026-24072)

- A heap-based buffer overflow exists in mod_proxy_ajp via ajp_msg_check_header(). A malicious AJP server can send a malicious AJP message causing 4 attacker-controlled bytes to be written after the end of a heap buffer. (CVE-2026-28780)

- Unrestricted OCSP response data handling in mod_md allows allocation of resources without limits or throttling. (CVE-2026-29168)

- A NULL pointer dereference in mod_dav_lock may allow denial of service with malicious requests. (CVE-2026-29169)

- A timing attack against mod_auth_digest allows bypass of Digest authentication by a remote attacker. (CVE-2026-33006)

- A NULL pointer dereference in mod_authn_socache allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. (CVE-2026-33007)

- An HTTP response splitting vulnerability exists in multiple modules when untrusted or compromised backend servers forward malicious status lines. (CVE-2026-33523)

- An out-of-bounds read vulnerability exists in mod_proxy_ajp getter functions. (CVE-2026-33857)

- A heap buffer over-read due to missing null-termination check exists in ajp_msg_get_string() in mod_proxy_ajp. (CVE-2026-34032)

- A heap over-read and memory disclosure vulnerability exists in ajp_parse_data() in mod_proxy_ajp. (CVE-2026-34059)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.