Threats Tagged 'cve-2026-33007'

This update includes the following RPMs: httpd: * httpd-2.4.67-0.1.hum1 (aarch64, x86_64) * httpd-core-2.4.67-0.1.hum1 (aarch64, x86_64) * httpd-devel-2.4.67-0.1.hum1 (aarch64, x86_64) * httpd-filesystem-2.4.67-0.1.hum1 (noarch) * httpd-manual-2.4.67-0.1.hum1 (noarch) * httpd-tools-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_ldap-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_lua-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_proxy_html-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_session-2.4.67-0.1.hum1 (aarch64, x86_64) * mod_ssl-2.4.67-0.1.hum1 (aarch64, x86_64) * httpd-2.4.67-0.1.hum1.src (src)

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020) * httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) * httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032) * httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) * httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007) * Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Apache ist ein Webserver für verschiedene Plattformen.

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) * httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032) * httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) * httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007) * Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-33007 is a medium severity vulnerability in Apache HTTP Server versions 2.4.66 and earlier. It involves a NULL pointer dereference in the mod_authn_socache module that can be triggered by an unauthenticated remote user. This flaw allows crashing a child process when the server is configured as a caching forward proxy. The issue does not impact confidentiality or integrity but causes a denial of service by affecting availability. Users are advised to upgrade to Apache HTTP Server version 2.4.67, which addresses this vulnerability.