Skip to main content

Apache HTTP Server EUVDEUVD-2026-35099

| CVE-2026-44185 HIGH
Buffer Over-read (CWE-126)
2026-06-08 apache GHSA-2756-g6w2-6hv2
7.3
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
SUSE
MEDIUM
qualitative
Red Hat
7.3 HIGH
qualitative

Primary rating from Vendor (apache).

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 19:27 vuln.today
CVSS changed
Jun 08, 2026 - 19:22 NVD
7.3 (HIGH)
CVE Published
Jun 08, 2026 - 15:22 nvd
HIGH 7.3
CVE Published
Jun 08, 2026 - 15:22 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

Users are recommended to upgrade to version 2.4.68, which fixes the issue.

AnalysisAI

Buffer over-read in Apache HTTP Server 2.4.0 through 2.4.67 allows remote attackers to trigger memory disclosure or limited integrity and availability impact via outbound OCSP requests sent to an attacker-controlled OCSP responder. The flaw stems from improper bounds handling (CWE-126) when parsing OCSP response data, and currently shows no public exploit identified at time of analysis despite a CVSS 7.3 rating reflecting unauthenticated network reachability with low complexity.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Apache 2.4.x with OCSP enabled
Delivery
Stand up malicious OCSP responder
Exploit
Induce httpd to query attacker responder
Execution
Return crafted OCSP response
Persist
Trigger out-of-bounds read in parser
Impact
Disclose adjacent process memory

Vulnerability AssessmentAI

Exploitation Apache HTTP Server 2.4.0-2.4.67 must be configured to issue outbound OCSP requests - specifically with mod_ssl OCSP stapling enabled (SSLUseStapling on) or OCSP-based client certificate validation enabled (SSLOCSPEnable on) - and the attacker must be able to steer one of those outbound requests to an OCSP responder they control, typically by getting the server to process a certificate whose AIA OCSP URL points to the attacker's host, or by being positioned to intercept the OCSP traffic. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L describes network-reachable, unauthenticated exploitation with low complexity and low impact across all three CIA dimensions - a 7.3 base score that overstates day-one urgency because exploitation requires Apache to issue an outbound OCSP request to an attacker-controlled URL, which depends on the victim server being induced (e.g., via a malicious certificate presented to it, or a tampered OCSP responder URL in a verified chain) to contact that responder. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a malicious OCSP responder and induces a target Apache HTTP Server to send it an OCSP query - for example, by presenting a client certificate whose AIA (Authority Information Access) extension points to the attacker's responder, or by intercepting a legitimate OCSP request. The attacker's responder returns a crafted OCSP response that triggers the out-of-bounds read in Apache's parser, potentially leaking small amounts of adjacent process memory back into error paths or causing worker instability. …
Remediation Vendor-released patch: upgrade to Apache HTTP Server 2.4.68, which the Apache Software Foundation explicitly identifies as the fixed version (see https://httpd.apache.org/security/vulnerabilities_24.html). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Use configuration management or vulnerability scanning to enumerate all Apache HTTP Server instances running version 2.4.0 through 2.4.67 in production and development environments. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Module for Package Hub 15 SP7 Affected
SUSE Linux Enterprise Module for Server Applications 15 SP7 Affected

Share

EUVD-2026-35099 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy