Messages by Thread
-
CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType
Eric Covener
-
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
Eric Covener
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.61 Released
covener
-
CVE-2024-36387: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Eric Covener
-
CVE-2024-38473: Apache HTTP Server proxy encoding problem
Eric Covener
-
CVE-2024-38472: Apache HTTP Server on WIndows UNC SSRF
Eric Covener
-
CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Eric Covener
-
CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences
Eric Covener
-
CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
Eric Covener
-
CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
Eric Covener
-
CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution
Eric Covener
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.60 Released
covener
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released
covener
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.58 Released
icing
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.57 Released
covener
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.56 Released
covener
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.55 Released
covener
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.53 Released
icing
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.50 Released
icing
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.49 Released
icing
-
CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request
Christophe JAILLET
-
CVE-2021-26691: mod_session response handling heap overflow
Christophe JAILLET
-
CVE-2021-30641: Unexpected URL matching with 'MergeSlashes OFF'
Christophe JAILLET
-
CVE-2021-26690: mod_session NULL pointer dereference
Christophe JAILLET
-
CVE-2020-35452: mod_auth_digest possible stack overflow by one nul byte
Christophe JAILLET
-
CVE-2020-13950: mod_proxy_http NULL pointer dereference
Christophe JAILLET
-
CVE-2020-13938: Improper Handling of Insufficient Privileges
Christophe JAILLET
-
CVE-2019-17567: mod_proxy_wstunnel tunneling of non Upgraded connections
Christophe JAILLET
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.48 Released
Christophe JAILLET
-
[ANNOUNCE] libapreq2-2.16 Released
jorton
-
CVE-2020-9490: Push Diary Crash on Specifically Crafted HTTP/2 Header
Daniel Ruggeri
-
CVE-2020-11993: Push Diary Crash on Specifically Crafted HTTP/2 Header
Daniel Ruggeri
-
CVE-2020-11985: CWE-345: Insufficient verification of data authenticity
Daniel Ruggeri
-
CVE-2020-11984: mod_uwsgi buffer overlow
Daniel Ruggeri
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.46 Released
Daniel Ruggeri
-
CVE-2019-9517: mod_http2, DoS attack by exhausting h2 workers
Daniel Ruggeri
-
CVE-2019-10098: mod_rewrite configurations vulnerable to open redirect
Daniel Ruggeri
-
CVE-2019-10097: mod_remoteip stack buffer overflow and NULL pointer dereference
Daniel Ruggeri
-
CVE-2019-10092: Limited cross-site scripting in mod_proxy
Daniel Ruggeri
-
CVE-2019-10082: mod_http2, read-after-free in h2 connection shutdown
Daniel Ruggeri
-
CVE-2019-10081: mod_http2, memory corruption on early pushes
Daniel Ruggeri
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.41 Released
Daniel Ruggeri
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.39 Released
Daniel Ruggeri
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.38 Released
Daniel Ruggeri
-
CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
Daniel Ruggeri
-
CVE-2018-17199: mod_session_cookie does not respect expiry time
Daniel Ruggeri
-
CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
Daniel Ruggeri
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.37 Released
Daniel Ruggeri
-
CVE-2018-11763: mod_http2, DoS via continuous SETTINGS frames
Daniel Ruggeri
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.35 Released
Daniel Ruggeri
-
CVE-2018-8011: Apache HTTP Server mod_md DoS
Mark Cox
-
CVE-2018-1333: Apache HTTP Server HTTP/2 DoS
Mark Cox
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.34 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.33 Released
Daniel Ruggeri
-
CVE-2018-1303: Possible out of bound read in mod_cache_socache
Daniel Ruggeri
-
CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request
Daniel Ruggeri
-
CVE-2018-1312: Weak Digest auth nonce generation in mod_auth_digest
Daniel Ruggeri
-
CVE-2018-1283: Tampering of mod_session data for CGI applications
Daniel Ruggeri
-
CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name
Daniel Ruggeri
-
CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown
Daniel Ruggeri
-
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values
Daniel Ruggeri
-
[ANNOUNCE] Apache HTTP Server 2.4.29 Released
Jim Jagielski
-
[Announcement] Apache HTTP Server 2.4.28 Released
William A Rowe Jr
-
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest
William A Rowe Jr
-
CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2
William A Rowe Jr
-
[Announcement] Apache HTTP Server 2.2.34 Released
William A Rowe Jr
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released
Jim Jagielski
-
[SECURITY] CVE-2017-7679: mod_mime buffer overread
Jacob Champion
-
[SECURITY] CVE-2017-7668: ap_find_token buffer overread
Jacob Champion
-
[SECURITY] CVE-2017-7659: mod_http2 null pointer dereference
Jacob Champion
-
[SECURITY] CVE-2017-3169: mod_ssl null pointer dereference
Jacob Champion
-
[SECURITY] CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Jacob Champion
-
[ANNOUNCE] Apache HTTP Server 2.4.26 Released
Jim Jagielski
-
[ANNOUNCE] Apache HTTP Server 2.4.25 Released
Jacob Champion
-
CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used
icing
-
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs]
Dirk-Willem van Gulik
-
[ANNOUNCE] Apache HTTP Server 2.4.23 Released
Jim Jagielski
-
[ANNOUNCE] Apache HTTP Server 2.4.20 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.18 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.17 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.16 Released
Jim Jagielski
-
[Announce] Apache HTTP Server 2.2.29 Released
William A. Rowe Jr.
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.10 Released
Jim Jagielski
-
[Announcment] Apache HTTP Server 2.2.27 Released
William A. Rowe Jr.
-
ANNOUNCE: Apache HTTP Server 2.4.9 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server (httpd) 2.4.7 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server (httpd) 2.2.26 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server (httpd) 2.4.6 Released
Jim Jagielski
-
[Announcement] Apache HTTP Server 2.2.25 Released
Apache HTTP Server Project
-
[Announcement] Apache HTTP Server 2.0.65 Released
Apache HTTP Server Project
-
Apache HTTP Server 2.2.24 Released
William A . Rowe Jr .
-
[ANNOUNCE] Apache HTTP Server 2.4.4 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.2 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.4.1 Released
Jim Jagielski
-
Apache HTTP Server 2.2.22 Released
William A. Rowe Jr.
-
Advisory: mod_proxy reverse proxy exposure (CVE-2011-3368)
Joe Orton
-
Apache HTTP Server 2.2.21 Released
William A. Rowe Jr.
-
5JYwkfn3��5乓迅儇��退忻瀑��时瞪���E仗偃滓徘迫屑沧夜染泛矢迟0牵�^;百���i;|线|
baoztevfrvih
-
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
Dirk-Willem van Gulik
-
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\)
Dirk-Willem van Gulik
-
Apache HTTP Server 2.2.19 Released
William A. Rowe Jr.
-
[Announce] Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11
William A. Rowe Jr.
-
[Announce] Apache HTTP Server 2.2.18 Released
William A. Rowe Jr.
-
[ANNOUNCE] Apache HTTP Server 2.3.11-Beta Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache httpd 2.3.10-alpha released
Jim Jagielski
-
[ANNOUNCE] libapreq2-2.13 Released
issac
-
[ANNOUNCE] mod_fcgid 2.3.6 is released
Jeff Trawick
-
[announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
William A. Rowe Jr.
-
[ANNOUNCEMENT] Apache HTTP Server 2.3.8-alpha Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.3.6-alpha Released
Jim Jagielski
-
[advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
William A. Rowe Jr.
-
[Announce] Apache HTTP Server (httpd) 2.2.15 Released
William A. Rowe Jr.
-
Apache HTTP Server 1.3.42 released (final release of 1.3.x)
Colm MacCarthaigh
-
Apache HTTP Server 2.3.5-alpha Released
Paul Querna
-
Apache HTTP Server 2.2.13 Released
wrowe
-
[ANNOUNCE] libapreq2-2.12 Released
joes
-
[ANNOUNCEMENT] Apache HTTP Server 2.2.11 Released
Ruediger Pluem
-
[ANNOUNCEMENT] Apache HTTP Server 2.2.10 Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.2.9 Released
Jim Jagielski
-
ApacheCon Europe Live Video Streaming - Apache 3.0 Keynote by Roy Fielding
Lars Eilebrecht
-
[ANNOUNCEMENT] Apache HTTP Server 2.2.8 (2.0.63, 1.3.41) Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 2.0.63 (2.2.8, 1.3.41) Released
Jim Jagielski
-
[ANNOUNCEMENT] Apache HTTP Server 1.3.41 (2.2.8, 2.0.63) Released
Jim Jagielski
-
Apache Portable Runtime 1.2.12 Released
William A. Rowe, Jr.
-
[ANNOUNCE] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 Released
Jim Jagielski
-
ANNOUNCE: Mod_python 3.3.1
Gregory (Grisha) Trubetskoy
-
[Announce] Apache HTTP Server 2.2.4 Released
William A. Rowe, Jr.
-
ANNOUNCE: Mod_python 3.3.0b (Beta)
Gregory (Grisha) Trubetskoy
-
[Announce] New (relocated) modules-...@httpd.apache.org list
William A. Rowe, Jr.
-
[ANNOUNCE] libapreq2-2.08 Released
pgollucci
-
ANNOUNCE: Mod_python 3.2.10
Gregory (Grisha) Trubetskoy
-
[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
William A. Rowe, Jr.
-
Apache HTTP Server 2.2.2 Released
Paul Querna
-
[ANNOUNCE] Mod_python 3.2.8 (security)
Gregory (Grisha) Trubetskoy
-
ANNOUNCE: Mod_python 3.2.7
Gregory (Grisha) Trubetskoy
-
[ANNOUNCE] libapreq2-2.07 Released
joes
-
Apache HTTP Server 2.2.0 Released
Paul Querna
-
ANNOUNCE: Mod_python 3.2.5 Beta
Gregory (Grisha) Trubetskoy
-
Apache HTTP Server 2.1.9-beta Released
Paul Querna
-
[ANNOUNCEMENT] Apache HTTP Server 1.3.34 Released
Jim Jagielski
-
[Announce] Apache HTTP Server 2.0.55 Released
William A. Rowe, Jr.
-
Apache HTTP Server 2.1.8-beta Released
Paul Querna
-
ANNOUNCE: Mod_python 3.2.2 Beta
Gregory (Grisha) Trubetskoy
-
Apache HTTP Server 2.1.7-beta Released
Paul Querna
-
[ANNOUNCE] libapreq2-2.06-dev Released
joes
-
Apache HTTP Server 2.1.6-alpha Released
Paul Querna
-
Error: "(28)No space left on device", what could this be?
Christian Frankerl
-
[ANNOUNCE] libapreq2-2.05-dev Released
joes
-
[ANNOUNCE] Apache HTTP Server 2.0.54 Released
Sander Striker
-
[ANNOUNCE] Mod_python 3.1.4 and 2.7.11 (security)
Gregory (Grisha) Trubetskoy
-
[ANNOUNCE] Apache HTTP Server 2.0.53 Released
Justin Erenkrantz
-
trustee
Camara Mane
-
[ANNOUNCE] Apache HTTP Server 2.0.50 Released
Sander Striker
-
Press Release: Apache HTTP Server Technical Leadership
susie
-
[ANNOUNCE] Apache HTTP Server 2.0.49 Released
Sander Striker
-
ANNOUNCE: Mod_python 3.1.3
Gregory (Grisha) Trubetskoy
-
[ANNOUNCE] Mod_python 2.7.10
Gregory (Grisha) Trubetskoy
-
Contributing to the Apache Software Foundation
fundraising
-
[ANNOUNCE] Mod_python 3.0.4 and 2.7.9
Gregory (Grisha) Trubetskoy
-
[ANNOUNCE] Apache 2.0.48 Released
Apache HTTP Server Project
-
[ANNOUNCEMENT] Apache HTTP Server 1.3.29 Released
Jim Jagielski
-
ANNOUNCE: Mod_python 3.1.2 Beta
Gregory (Grisha) Trubetskoy
-
Registration Opens for ApacheCon 2003
Joshua Slive
-
ANNOUNCE: Mod_python 3.1.0 Alpha
Gregory (Grisha) Trubetskoy
-
Apache HTTP Server 1.3.28 Released
Jim Jagielski
-
[SECURITY] [ANNOUNCE] Apache 2.0.46 released
Apache HTTP Server Project
-
[ANNOUNCE] Apache 2.0.45 Released
William A. Rowe, Jr.
-
[ANNOUNCE] Apache 2.0.44 Released
Sander Striker
-
Invitation to ApacheCon 2002 US (60% less expensive!)
Rodent of Unusual Size
-
ApacheCon Early-Bird discount ends tonight!
Rodent of Unusual Size
-
[Security Release] Apache HTTP Server 2.0.43
William A. Rowe, Jr.
-
[SECURITY RELEASE] Apache 1.3.27 Released
Jim Jagielski
-
ApacheCon early-bird registration deadline extended
Rodent of Unusual Size
-
[ANNOUNCE] Apache 2.0.42 Released
Sander Striker
-
ApacheCon: Less than a week left for early-bird savings
Rodent of Unusual Size
-
[ANNOUNCE] Apache 2.0.40 Released
Sander Striker
-
Apache 2.0 vulnerability affects non-Unix platforms
Mark J Cox