apache2 (SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS package apache2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2024-38476 — CVSS 9.8 (critical): Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via…
CVE-2024-38474 — CVSS 9.8 (critical): Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories…
CVE-2023-25690 — CVSS 9.8 (critical): Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are…
CVE-2025-23048 — CVSS 9.1 (critical): In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible…
CVE-2022-36760 — CVSS 9.0 (critical): Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an…
CVE-2024-38473 — CVSS 8.1 (high): Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend…
CVE-2025-53020 — CVSS 7.5 (high): Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up…
CVE-2023-27522 — CVSS 7.5 (high): HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through…
CVE-2023-31122 — CVSS 7.5 (high): Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
CVE-2024-27316 — CVSS 7.5 (high): HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a…
CVE-2024-38477 — CVSS 7.5 (high): null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious…
CVE-2024-39573 — CVSS 7.5 (high): Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly…
CVE-2024-42516 — CVSS 7.5 (high): HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of…
CVE-2024-43204 — CVSS 7.5 (high): SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker…
CVE-2024-47252 — CVSS 7.5 (high): Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to…
CVE-2025-49630 — CVSS 7.5 (high): In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered…
CVE-2006-20001 — CVSS 7.5 (high): A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the…
CVE-2025-49812 — CVSS 7.4 (high): In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a…
CVE-2023-38709 — CVSS 7.3 (high): Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This…
CVE-2024-24795 — CVSS 6.3 (medium): HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into…
CVE-2024-39884 — CVSS 6.2 (medium): A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers…
CVE-2023-45802 — CVSS 5.9 (medium): When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed…
CVE-2022-37436 — CVSS 5.3 (medium): Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers…
CVE-2024-40725 — CVSS 5.3 (medium): A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration…