SB20260522120 - openEuler 20.03 LTS SP4 update for httpd
Published: May 22, 2026
Description
This security bulletin contains information about 9 vulnerabilities.
1) Improper access control (CVE-ID: CVE-2026-24072)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper access control in various Apache HTTP Server modules when evaluating ap_expr from .htaccess files. A local user can create a crafted .htaccess expression to disclose sensitive information.
The issue affects local .htaccess authors and allows reading files with the privileges of the httpd user.
2) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-29168)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in mod_md when processing OCSP response data. A remote attacker can provide crafted OCSP response data to cause a denial of service.
3) NULL pointer dereference (CVE-ID: CVE-2026-29169)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in mod_dav_lock when handling requests. A remote attacker can send a malicious request to cause a denial of service.
mod_dav_lock is not used internally by mod_dav or mod_dav_fs; the only known consumer is mod_dav_svn earlier than version 1.2.0.
4) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2026-33006)
CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N/E:P/U:Amber
The vulnerability allows a remote attacker to bypass Digest authentication.
The vulnerability exists due to a timing side-channel in mod_auth_digest when processing Digest authentication. A remote attacker can perform a timing attack to bypass Digest authentication.
5) NULL pointer dereference (CVE-ID: CVE-2026-33007)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in mod_authn_socache when handling requests in a caching forward proxy configuration. A remote attacker can send a malicious request to cause a denial of service.
The issue crashes a child process only in a caching forward proxy configuration.
6) HTTP response splitting (CVE-ID: CVE-2026-33523)
CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to manipulate HTTP responses.
The vulnerability exists due to improper neutralization of CRLF sequences in multiple Apache HTTP Server modules when forwarding a backend status line. A remote attacker can supply a malicious backend response to manipulate HTTP responses.
Exploitation requires an untrusted or compromised backend server.
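As an added example for entry 6 (illustrative code, not httpd's own), this check validates a status line received from a backend before it is forwarded: it requires the "HTTP/x.y SP 3-digit [SP reason]" shape and rejects any CR, LF, NUL or other control byte in the reason phrase, which is the part a backend could use to push extra header lines into the response the client sees. The sample lines in main() are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Returns 1 if the backend status line is safe to forward, 0 otherwise.
 * 'line' is the raw status line with its trailing CRLF already stripped;
 * 'len' is passed explicitly so an embedded NUL is seen, not treated as
 * the end of the string. Shape: "HTTP/1.1 200 OK" (reason may be absent). */
int backend_status_line_ok(const char *line, size_t len)
{
    size_t i = 5;
    /* "HTTP/1.1 200" is the shortest valid form: 12 bytes. */
    if (len < 12 || memcmp(line, "HTTP/", 5) != 0) return 0;
    if (!isdigit((unsigned char)line[i]) || line[i + 1] != '.' ||
        !isdigit((unsigned char)line[i + 2])) return 0;
    i += 3;
    if (line[i++] != ' ') return 0;
    for (int k = 0; k < 3; k++)
        if (!isdigit((unsigned char)line[i + k])) return 0;
    i += 3;
    if (i == len) return 1;                 /* status code with no reason */
    if (line[i++] != ' ') return 0;
    /* Reason phrase: reject CR, LF, NUL, DEL and any control byte except
     * HTAB. A CR or LF here is exactly the response-splitting vector. */
    for (; i < len; i++) {
        unsigned char ch = (unsigned char)line[i];
        if (ch == '\r' || ch == '\n' || ch == 0x7f ||
            (ch < 0x20 && ch != '\t')) return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    const char *good = "HTTP/1.1 200 OK";
    const char *bare = "HTTP/1.1 204";
    const char *split = "HTTP/1.1 200 OK\r\nX-Injected: 1";
    printf("good:  %d\n", backend_status_line_ok(good, strlen(good)));
    printf("bare:  %d\n", backend_status_line_ok(bare, strlen(bare)));
    printf("split: %d\n", backend_status_line_ok(split, strlen(split)));
    return 0;
}
```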
7) Out-of-bounds read (CVE-ID: CVE-2026-33857)
CWE-ID: CWE-125 - Out-of-bounds Read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in mod_proxy_ajp AJP getter functions when parsing AJP data. A remote attacker can send a specially crafted AJP message to disclose sensitive information.
Exploitation requires Apache HTTP Server to connect to an untrusted or compromised AJP backend server.
8) Out-of-bounds read (CVE-ID: CVE-2026-34032)
CWE-ID: CWE-125 - Out-of-bounds Read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper null termination leading to an out-of-bounds read in mod_proxy_ajp ajp_msg_get_string when parsing AJP string data. A remote attacker can send a specially crafted AJP message to disclose sensitive information.
Exploitation requires Apache HTTP Server to connect to an untrusted or compromised AJP backend server.
9) Out-of-bounds read (CVE-ID: CVE-2026-34059)
CWE-ID: CWE-125 - Out-of-bounds Read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to a heap over-read in mod_proxy_ajp ajp_parse_data() when processing AJP messages from a backend server. A remote attacker can send a specially crafted AJP message to disclose sensitive information.
Exploitation requires Apache HTTP Server to connect to an untrusted or compromised AJP backend server.
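Entries 7, 8 and 9 all concern reading fields out of an AJP message received from a backend. As an added illustration (not httpd's mod_proxy_ajp code), here is a bounds-checked reader for the AJP string encoding: a 2-byte big-endian length, the string bytes, then a mandatory 0x00 terminator that is not counted in the length (0xFFFF means "null string"). It checks the remaining buffer before every access and rejects a missing terminator rather than trusting the length field; the sample messages are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result codes for this example's reader. */
enum ajp_rc { AJP_OK = 0, AJP_ERR_SHORT = 1, AJP_ERR_NOTERM = 2 };

/* Minimal cursor over a received AJP message body. */
struct ajp_cursor { const uint8_t *buf; size_t len; size_t pos; };

/* Read one AJP string. Every access is checked against the bytes that
 * actually remain in the buffer, never against the peer-supplied length. */
enum ajp_rc ajp_read_string(struct ajp_cursor *c, const char **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (c->len - c->pos < 2) return AJP_ERR_SHORT;          /* length field */
    uint16_t slen = (uint16_t)((c->buf[c->pos] << 8) | c->buf[c->pos + 1]);
    c->pos += 2;
    if (slen == 0xFFFF) return AJP_OK;                       /* null string */
    /* slen bytes plus the terminator must fit in what remains. */
    if (c->len - c->pos < (size_t)slen + 1) return AJP_ERR_SHORT;
    if (c->buf[c->pos + slen] != 0) return AJP_ERR_NOTERM;   /* no 0x00 */
    *out = (const char *)c->buf + c->pos;
    *out_len = slen;
    c->pos += (size_t)slen + 1;
    return AJP_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t sample_ok[]     = { 0x00, 0x05, 'h','e','l','l','o', 0x00 };
static const uint8_t sample_short[]  = { 0x00, 0x40, 'h','e','l','l','o', 0x00 }; /* claims 64 bytes */
static const uint8_t sample_noterm[] = { 0x00, 0x05, 'h','e','l','l','o', 'X' };  /* terminator missing */

/* Parse a buffer as one AJP string and copy it, NUL-terminated, into dst. */
enum ajp_rc ajp_string_from_buf(const uint8_t *msg, size_t len, char *dst, size_t dstsz)
{
    struct ajp_cursor c = { msg, len, 0 };
    const char *s; size_t n;
    enum ajp_rc rc = ajp_read_string(&c, &s, &n);
    if (rc == AJP_OK && dst && dstsz) {
        size_t ncopy = n < dstsz - 1 ? n : dstsz - 1;
        memcpy(dst, s, ncopy);
        dst[ncopy] = '\0';
    }
    return rc;
}

int main(void)
{
    char out[32];
    printf("ok: rc=%d text=%s\n", ajp_string_from_buf(sample_ok, sizeof sample_ok, out, sizeof out), out);
    printf("short: rc=%d\n", ajp_string_from_buf(sample_short, sizeof sample_short, out, sizeof out));
    printf("noterm: rc=%d\n", ajp_string_from_buf(sample_noterm, sizeof sample_noterm, out, sizeof out));
    return 0;
}
```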
Remediation
Install the update from the vendor's website.