Messages by Date
-
2024/07/17
CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType
Eric Covener
-
2024/07/17
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
Eric Covener
-
2024/07/03
[ANNOUNCEMENT] Apache HTTP Server 2.4.61 Released
covener
-
2024/07/01
CVE-2024-36387: Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Eric Covener
-
2024/07/01
CVE-2024-38473: Apache HTTP Server proxy encoding problem
Eric Covener
-
2024/07/01
CVE-2024-38472: Apache HTTP Server on WIndows UNC SSRF
Eric Covener
-
2024/07/01
CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Eric Covener
-
2024/07/01
CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences
Eric Covener
-
2024/07/01
CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
Eric Covener
-
2024/07/01
CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
Eric Covener
-
2024/07/01
CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution
Eric Covener
-
2024/07/01
[ANNOUNCEMENT] Apache HTTP Server 2.4.60 Released
covener
-
2024/04/04
[ANNOUNCEMENT] Apache HTTP Server 2.4.59 Released
covener
-
2023/10/19
[ANNOUNCEMENT] Apache HTTP Server 2.4.58 Released
icing
-
2023/04/06
[ANNOUNCEMENT] Apache HTTP Server 2.4.57 Released
covener
-
2023/03/09
[ANNOUNCEMENT] Apache HTTP Server 2.4.56 Released
covener
-
2023/01/17
[ANNOUNCEMENT] Apache HTTP Server 2.4.55 Released
covener
-
2022/03/14
[ANNOUNCEMENT] Apache HTTP Server 2.4.53 Released
icing
-
2021/10/05
[ANNOUNCEMENT] Apache HTTP Server 2.4.50 Released
icing
-
2021/09/16
[ANNOUNCEMENT] Apache HTTP Server 2.4.49 Released
icing
-
2021/06/10
CVE-2021-31618: NULL pointer dereference on specially crafted HTTP/2 request
Christophe JAILLET
-
2021/06/10
CVE-2021-26691: mod_session response handling heap overflow
Christophe JAILLET
-
2021/06/10
CVE-2021-30641: Unexpected URL matching with 'MergeSlashes OFF'
Christophe JAILLET
-
2021/06/10
CVE-2021-26690: mod_session NULL pointer dereference
Christophe JAILLET
-
2021/06/10
CVE-2020-35452: mod_auth_digest possible stack overflow by one nul byte
Christophe JAILLET
-
2021/06/10
CVE-2020-13950: mod_proxy_http NULL pointer dereference
Christophe JAILLET
-
2021/06/10
CVE-2020-13938: Improper Handling of Insufficient Privileges
Christophe JAILLET
-
2021/06/10
CVE-2019-17567: mod_proxy_wstunnel tunneling of non Upgraded connections
Christophe JAILLET
-
2021/06/01
[ANNOUNCEMENT] Apache HTTP Server 2.4.48 Released
Christophe JAILLET
-
2021/03/22
[ANNOUNCE] libapreq2-2.16 Released
jorton
-
2020/08/07
CVE-2020-9490: Push Diary Crash on Specifically Crafted HTTP/2 Header
Daniel Ruggeri
-
2020/08/07
CVE-2020-11993: Push Diary Crash on Specifically Crafted HTTP/2 Header
Daniel Ruggeri
-
2020/08/07
CVE-2020-11985: CWE-345: Insufficient verification of data authenticity
Daniel Ruggeri
-
2020/08/07
CVE-2020-11984: mod_uwsgi buffer overlow
Daniel Ruggeri
-
2020/08/07
[ANNOUNCEMENT] Apache HTTP Server 2.4.46 Released
Daniel Ruggeri
-
2019/08/14
CVE-2019-9517: mod_http2, DoS attack by exhausting h2 workers
Daniel Ruggeri
-
2019/08/14
CVE-2019-10098: mod_rewrite configurations vulnerable to open redirect
Daniel Ruggeri
-
2019/08/14
CVE-2019-10097: mod_remoteip stack buffer overflow and NULL pointer dereference
Daniel Ruggeri
-
2019/08/14
CVE-2019-10092: Limited cross-site scripting in mod_proxy
Daniel Ruggeri
-
2019/08/14
CVE-2019-10082: mod_http2, read-after-free in h2 connection shutdown
Daniel Ruggeri
-
2019/08/14
CVE-2019-10081: mod_http2, memory corruption on early pushes
Daniel Ruggeri
-
2019/08/14
[ANNOUNCEMENT] Apache HTTP Server 2.4.41 Released
Daniel Ruggeri
-
2019/04/02
[ANNOUNCEMENT] Apache HTTP Server 2.4.39 Released
Daniel Ruggeri
-
2019/01/22
[ANNOUNCEMENT] Apache HTTP Server 2.4.38 Released
Daniel Ruggeri
-
2019/01/22
CVE-2019-0190: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
Daniel Ruggeri
-
2019/01/22
CVE-2018-17199: mod_session_cookie does not respect expiry time
Daniel Ruggeri
-
2019/01/22
CVE-2018-17189: mod_http2, DoS via slow, unneeded request bodies
Daniel Ruggeri
-
2018/10/23
[ANNOUNCEMENT] Apache HTTP Server 2.4.37 Released
Daniel Ruggeri
-
2018/09/25
CVE-2018-11763: mod_http2, DoS via continuous SETTINGS frames
Daniel Ruggeri
-
2018/09/25
[ANNOUNCEMENT] Apache HTTP Server 2.4.35 Released
Daniel Ruggeri
-
2018/07/18
CVE-2018-8011: Apache HTTP Server mod_md DoS
Mark Cox
-
2018/07/18
CVE-2018-1333: Apache HTTP Server HTTP/2 DoS
Mark Cox
-
2018/07/16
[ANNOUNCEMENT] Apache HTTP Server 2.4.34 Released
Jim Jagielski
-
2018/03/26
[ANNOUNCEMENT] Apache HTTP Server 2.4.33 Released
Daniel Ruggeri
-
2018/03/26
CVE-2018-1303: Possible out of bound read in mod_cache_socache
Daniel Ruggeri
-
2018/03/26
CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request
Daniel Ruggeri
-
2018/03/26
CVE-2018-1312: Weak Digest auth nonce generation in mod_auth_digest
Daniel Ruggeri
-
2018/03/26
CVE-2018-1283: Tampering of mod_session data for CGI applications
Daniel Ruggeri
-
2018/03/26
CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name
Daniel Ruggeri
-
2018/03/26
CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown
Daniel Ruggeri
-
2018/03/26
CVE-2017-15710: Out of bound write in mod_authnz_ldap when using too small Accept-Language values
Daniel Ruggeri
-
2017/10/23
[ANNOUNCE] Apache HTTP Server 2.4.29 Released
Jim Jagielski
-
2017/10/05
[Announcement] Apache HTTP Server 2.4.28 Released
William A Rowe Jr
-
2017/07/13
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest
William A Rowe Jr
-
2017/07/13
CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2
William A Rowe Jr
-
2017/07/11
[Announcement] Apache HTTP Server 2.2.34 Released
William A Rowe Jr
-
2017/07/11
[ANNOUNCEMENT] Apache HTTP Server 2.4.27 Released
Jim Jagielski
-
2017/06/19
[SECURITY] CVE-2017-7679: mod_mime buffer overread
Jacob Champion
-
2017/06/19
[SECURITY] CVE-2017-7668: ap_find_token buffer overread
Jacob Champion
-
2017/06/19
[SECURITY] CVE-2017-7659: mod_http2 null pointer dereference
Jacob Champion
-
2017/06/19
[SECURITY] CVE-2017-3169: mod_ssl null pointer dereference
Jacob Champion
-
2017/06/19
[SECURITY] CVE-2017-3167: ap_get_basic_auth_pw authentication bypass
Jacob Champion
-
2017/06/19
[ANNOUNCE] Apache HTTP Server 2.4.26 Released
Jim Jagielski
-
2016/12/20
[ANNOUNCE] Apache HTTP Server 2.4.25 Released
Jacob Champion
-
2016/12/05
CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used
icing
-
2016/07/05
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs]
Dirk-Willem van Gulik
-
2016/07/05
[ANNOUNCE] Apache HTTP Server 2.4.23 Released
Jim Jagielski
-
2016/04/11
[ANNOUNCE] Apache HTTP Server 2.4.20 Released
Jim Jagielski
-
2015/12/22
[ANNOUNCEMENT] Apache HTTP Server 2.4.18 Released
Jim Jagielski
-
2015/12/14
[ANNOUNCEMENT] Apache HTTP Server 2.4.18 Released
Jim Jagielski
-
2015/10/13
[ANNOUNCEMENT] Apache HTTP Server 2.4.17 Released
Jim Jagielski
-
2015/07/16
[ANNOUNCEMENT] Apache HTTP Server 2.4.16 Released
Jim Jagielski
-
2014/09/03
[Announce] Apache HTTP Server 2.2.29 Released
William A. Rowe Jr.
-
2014/07/21
[ANNOUNCEMENT] Apache HTTP Server 2.4.10 Released
Jim Jagielski
-
2014/03/26
[Announcment] Apache HTTP Server 2.2.27 Released
William A. Rowe Jr.
-
2014/03/17
ANNOUNCE: Apache HTTP Server 2.4.9 Released
Jim Jagielski
-
2013/11/26
[ANNOUNCEMENT] Apache HTTP Server (httpd) 2.4.7 Released
Jim Jagielski
-
2013/11/18
[ANNOUNCEMENT] Apache HTTP Server (httpd) 2.2.26 Released
Jim Jagielski
-
2013/07/22
[ANNOUNCEMENT] Apache HTTP Server (httpd) 2.4.6 Released
Jim Jagielski
-
2013/07/10
[Announcement] Apache HTTP Server 2.2.25 Released
Apache HTTP Server Project
-
2013/07/10
[Announcement] Apache HTTP Server 2.0.65 Released
Apache HTTP Server Project
-
2013/02/26
Apache HTTP Server 2.2.24 Released
William A . Rowe Jr .
-
2013/02/25
[ANNOUNCE] Apache HTTP Server 2.4.4 Released
Jim Jagielski
-
2012/08/21
[ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released
Jim Jagielski
-
2012/04/17
[ANNOUNCEMENT] Apache HTTP Server 2.4.2 Released
Jim Jagielski
-
2012/02/21
[ANNOUNCEMENT] Apache HTTP Server 2.4.1 Released
Jim Jagielski
-
2012/01/31
Apache HTTP Server 2.2.22 Released
William A. Rowe Jr.
-
2011/10/05
Advisory: mod_proxy reverse proxy exposure (CVE-2011-3368)
Joe Orton
-
2011/09/13
Apache HTTP Server 2.2.21 Released
William A. Rowe Jr.
-
2011/09/04
5JYwkfn3��5乓迅儇��退忻瀑��时瞪���E仗偃滓徘迫屑沧夜染泛矢迟0牵�^;百���i;|线|
baoztevfrvih
-
2011/08/26
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
Dirk-Willem van Gulik
-
2011/08/24
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x \(CVE-2011-3192\)
Dirk-Willem van Gulik
-
2011/05/22
Apache HTTP Server 2.2.19 Released
William A. Rowe Jr.
-
2011/05/19
[Announce] Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11
William A. Rowe Jr.
-
2011/05/11
[Announce] Apache HTTP Server 2.2.18 Released
William A. Rowe Jr.
-
2011/03/07
[ANNOUNCE] Apache HTTP Server 2.3.11-Beta Released
Jim Jagielski
-
2010/12/22
[ANNOUNCEMENT] Apache httpd 2.3.10-alpha released
Jim Jagielski
-
2010/12/03
[ANNOUNCE] libapreq2-2.13 Released
issac
-
2010/11/07
[ANNOUNCE] mod_fcgid 2.3.6 is released
Jeff Trawick
-
2010/10/19
[announce] Apache HTTP Server 2.2.17 and 2.0.64 Released
William A. Rowe Jr.
-
2010/08/31
[ANNOUNCEMENT] Apache HTTP Server 2.3.8-alpha Released
Jim Jagielski
-
2010/06/21
[ANNOUNCEMENT] Apache HTTP Server 2.3.6-alpha Released
Jim Jagielski
-
2010/06/11
[advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068
William A. Rowe Jr.
-
2010/03/06
[Announce] Apache HTTP Server (httpd) 2.2.15 Released
William A. Rowe Jr.
-
2010/02/02
Apache HTTP Server 1.3.42 released (final release of 1.3.x)
Colm MacCarthaigh
-
2010/01/28
Apache HTTP Server 2.3.5-alpha Released
Paul Querna
-
2009/08/10
Apache HTTP Server 2.2.13 Released
wrowe
-
2009/03/13
[ANNOUNCE] libapreq2-2.12 Released
joes
-
2008/12/14
[ANNOUNCEMENT] Apache HTTP Server 2.2.11 Released
Ruediger Pluem
-
2008/11/01
[ANNOUNCEMENT] Apache HTTP Server 2.2.10 Released
Jim Jagielski
-
2008/06/14
[ANNOUNCEMENT] Apache HTTP Server 2.2.9 Released
Jim Jagielski
-
2008/04/08
ApacheCon Europe Live Video Streaming - Apache 3.0 Keynote by Roy Fielding
Lars Eilebrecht
-
2008/01/19
[ANNOUNCEMENT] Apache HTTP Server 2.2.8 (2.0.63, 1.3.41) Released
Jim Jagielski
-
2008/01/19
[ANNOUNCEMENT] Apache HTTP Server 2.0.63 (2.2.8, 1.3.41) Released
Jim Jagielski
-
2008/01/19
[ANNOUNCEMENT] Apache HTTP Server 1.3.41 (2.2.8, 2.0.63) Released
Jim Jagielski
-
2007/11/26
Apache Portable Runtime 1.2.12 Released
William A. Rowe, Jr.
-
2007/09/07
[ANNOUNCE] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 Released
Jim Jagielski
-
2007/09/07
[ANNOUNCE] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 Released
Jim Jagielski
-
2007/02/15
ANNOUNCE: Mod_python 3.3.1
Gregory (Grisha) Trubetskoy
-
2007/01/10
[Announce] Apache HTTP Server 2.2.4 Released
William A. Rowe, Jr.
-
2006/12/25
ANNOUNCE: Mod_python 3.3.0b (Beta)
Gregory (Grisha) Trubetskoy
-
2006/09/08
[Announce] New (relocated) modules-...@httpd.apache.org list
William A. Rowe, Jr.
-
2006/08/09
[ANNOUNCE] libapreq2-2.08 Released
pgollucci
-
2006/08/07
ANNOUNCE: Mod_python 3.2.10
Gregory (Grisha) Trubetskoy
-
2006/07/28
[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released
William A. Rowe, Jr.
-
2006/04/30
Apache HTTP Server 2.2.2 Released
Paul Querna
-
2006/02/24
[ANNOUNCE] Mod_python 3.2.8 (security)
Gregory (Grisha) Trubetskoy
-
2006/02/13
ANNOUNCE: Mod_python 3.2.7
Gregory (Grisha) Trubetskoy
-
2006/02/12
[ANNOUNCE] libapreq2-2.07 Released
joes
-
2005/12/01
Apache HTTP Server 2.2.0 Released
Paul Querna
-
2005/11/23
ANNOUNCE: Mod_python 3.2.5 Beta
Gregory (Grisha) Trubetskoy
-
2005/11/09
Apache HTTP Server 2.1.9-beta Released
Paul Querna
-
2005/10/18
[ANNOUNCEMENT] Apache HTTP Server 1.3.34 Released
Jim Jagielski
-
2005/10/14
[Announce] Apache HTTP Server 2.0.55 Released
William A. Rowe, Jr.
-
2005/10/02
Apache HTTP Server 2.1.8-beta Released
Paul Querna
-
2005/09/19
ANNOUNCE: Mod_python 3.2.2 Beta
Gregory (Grisha) Trubetskoy
-
2005/09/12
Apache HTTP Server 2.1.7-beta Released
Paul Querna
-
2005/07/20
[ANNOUNCE] libapreq2-2.06-dev Released
joes
-
2005/06/28
Apache HTTP Server 2.1.6-alpha Released
Paul Querna
-
2005/05/08
Error: "(28)No space left on device", what could this be?
Christian Frankerl
-
2005/05/05
[ANNOUNCE] libapreq2-2.05-dev Released
joes
-
2005/04/18
[ANNOUNCE] Apache HTTP Server 2.0.54 Released
Sander Striker
-
2005/02/12
[ANNOUNCE] Mod_python 3.1.4 and 2.7.11 (security)
Gregory (Grisha) Trubetskoy
-
2005/02/08
[ANNOUNCE] Apache HTTP Server 2.0.53 Released
Justin Erenkrantz
-
2004/12/22
trustee
Camara Mane
-
2004/12/14
Contributing to the Apache Software Foundation
Brian W. Fitzpatrick
-
2004/06/30
[ANNOUNCE] Apache HTTP Server 2.0.50 Released
Sander Striker
-
2004/05/11
Press Release: Apache HTTP Server Technical Leadership
susie
-
2004/03/19
[ANNOUNCE] Apache HTTP Server 2.0.49 Released
Sander Striker
-
2004/03/03
ANNOUNCE: Mod_python 3.1.3
Gregory (Grisha) Trubetskoy
-
2004/01/22
[ANNOUNCE] Mod_python 2.7.10
Gregory (Grisha) Trubetskoy
-
2003/12/12
Contributing to the Apache Software Foundation
fundraising
-
2003/11/28
[ANNOUNCE] Mod_python 3.0.4 and 2.7.9
Gregory (Grisha) Trubetskoy
-
2003/10/29
[ANNOUNCE] Apache 2.0.48 Released
Apache HTTP Server Project
-
2003/10/29
[ANNOUNCEMENT] Apache HTTP Server 1.3.29 Released
Jim Jagielski
-
2003/10/27
ANNOUNCE: Mod_python 3.1.2 Beta
Gregory (Grisha) Trubetskoy
-
2003/09/15
Registration Opens for ApacheCon 2003
Joshua Slive
-
2003/08/29
ANNOUNCE: Mod_python 3.1.0 Alpha
Gregory (Grisha) Trubetskoy
-
2003/07/18
Apache HTTP Server 1.3.28 Released
Jim Jagielski
-
2003/05/28
[SECURITY] [ANNOUNCE] Apache 2.0.46 released
Apache HTTP Server Project
-
2003/04/01
[ANNOUNCE] Apache 2.0.45 Released
William A. Rowe, Jr.
-
2003/01/20
[ANNOUNCE] Apache 2.0.44 Released
Sander Striker
-
2002/11/05
Invitation to ApacheCon 2002 US (60% less expensive!)
Rodent of Unusual Size
-
2002/10/04
ApacheCon Early-Bird discount ends tonight!
Rodent of Unusual Size
-
2002/10/03
[Security Release] Apache HTTP Server 2.0.43
William A. Rowe, Jr.
-
2002/10/03
[SECURITY RELEASE] Apache 1.3.27 Released
Jim Jagielski
-
2002/10/01
ApacheCon early-bird registration deadline extended
Rodent of Unusual Size
-
2002/09/24
[ANNOUNCE] Apache 2.0.42 Released
Sander Striker
-
2002/09/24
ApacheCon: Less than a week left for early-bird savings
Rodent of Unusual Size
-
2002/08/09
[ANNOUNCE] Apache 2.0.40 Released
Sander Striker
-
2002/08/09
Apache 2.0 vulnerability affects non-Unix platforms
Mark J Cox