Fluid Attacks Database

Description

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer.

This issue affects Apache HTTP Server: through 2.4.66.

Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.21	apache2	=2.2.16-r0 \|\| =2.2.16-r1 \|\| =2.2.16-r2 \|\| =2.2.16-r3 \|\| =2.2.17-r0 \|\| =2.2.17-r1 \|\| =2.2.17-r2 \|\| =2.2.17-r3 \|\| =2.2.17-r4 \|\| =2.2.17-r5 \|\| =2.2.20-r0 \|\| =2.2.21-r0 \|\| =2.2.21-r1 \|\| =2.2.21-r2 \|\| =2.2.21-r3 \|\| =2.2.22-r0 \|\| =2.2.22-r1 \|\| =2.4.10-r0 \|\| =2.4.12-r0 \|\| =2.4.12-r1 \|\| =2.4.12-r2 \|\| =2.4.12-r3 \|\| =2.4.12-r4 \|\| =2.4.16-r0 \|\| =2.4.17-r0 \|\| =2.4.17-r1 \|\| =2.4.17-r2 \|\| =2.4.17-r3 \|\| =2.4.17-r4 \|\| =2.4.17-r5 \|\| =2.4.17-r6 \|\| =2.4.17-r7 \|\| =2.4.18-r0 \|\| =2.4.18-r1 \|\| =2.4.18-r2 \|\| =2.4.20-r0 \|\| =2.4.20-r1 \|\| =2.4.20-r2 \|\| =2.4.23-r0 \|\| =2.4.23-r1 \|\| =2.4.23-r10 \|\| =2.4.23-r2 \|\| =2.4.23-r3 \|\| =2.4.23-r4 \|\| =2.4.23-r5 \|\| =2.4.23-r6 \|\| =2.4.23-r7 \|\| =2.4.23-r8 \|\| =2.4.23-r9 \|\| =2.4.25-r0 \|\| =2.4.25-r1 \|\| =2.4.26-r0 \|\| =2.4.27-r0 \|\| =2.4.27-r1 \|\| =2.4.27-r2 \|\| =2.4.28-r0 \|\| =2.4.29-r0 \|\| =2.4.29-r1 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.3-r2 \|\| =2.4.33-r0 \|\| =2.4.33-r1 \|\| =2.4.34-r0 \|\| =2.4.35-r0 \|\| =2.4.37-r0 \|\| =2.4.37-r1 \|\| =2.4.38-r0 \|\| =2.4.38-r1 \|\| =2.4.38-r2 \|\| =2.4.39-r0 \|\| =2.4.4-r0 \|\| =2.4.4-r1 \|\| =2.4.41-r0 \|\| =2.4.43-r0 \|\| =2.4.46-r0 \|\| =2.4.46-r1 \|\| =2.4.46-r2 \|\| =2.4.46-r3 \|\| =2.4.48-r0 \|\| =2.4.48-r1 \|\| =2.4.48-r2 \|\| =2.4.49-r1 \|\| =2.4.50-r0 \|\| =2.4.51-r0 \|\| =2.4.51-r1 \|\| =2.4.52-r0 \|\| =2.4.53-r0 \|\| =2.4.54-r0 \|\| =2.4.54-r1 \|\| =2.4.54-r2 \|\| =2.4.55-r0 \|\| =2.4.56-r0 \|\| =2.4.57-r0 \|\| =2.4.57-r1 \|\| =2.4.57-r2 \|\| =2.4.57-r3 \|\| =2.4.58-r0 \|\| =2.4.58-r1 \|\| =2.4.58-r2 \|\| =2.4.59-r0 \|\| =2.4.6-r0 \|\| =2.4.6-r1 \|\| =2.4.6-r2 \|\| =2.4.6-r3 \|\| =2.4.6-r4 \|\| =2.4.60-r0 \|\| =2.4.61-r0 \|\| =2.4.62-r0 \|\| =2.4.64-r0 \|\| =2.4.65-r0 \|\| =2.4.66-r0 \|\| =2.4.7-r0 \|\| =2.4.9-r0 \|\| =2.4.9-r1 \|\| >=0 <2.4.67-r0	2.4.67-r0
alpine v3.22	apache2	=2.2.16-r0 \|\| =2.2.16-r1 \|\| =2.2.16-r2 \|\| =2.2.16-r3 \|\| =2.2.17-r0 \|\| =2.2.17-r1 \|\| =2.2.17-r2 \|\| =2.2.17-r3 \|\| =2.2.17-r4 \|\| =2.2.17-r5 \|\| =2.2.20-r0 \|\| =2.2.21-r0 \|\| =2.2.21-r1 \|\| =2.2.21-r2 \|\| =2.2.21-r3 \|\| =2.2.22-r0 \|\| =2.2.22-r1 \|\| =2.4.10-r0 \|\| =2.4.12-r0 \|\| =2.4.12-r1 \|\| =2.4.12-r2 \|\| =2.4.12-r3 \|\| =2.4.12-r4 \|\| =2.4.16-r0 \|\| =2.4.17-r0 \|\| =2.4.17-r1 \|\| =2.4.17-r2 \|\| =2.4.17-r3 \|\| =2.4.17-r4 \|\| =2.4.17-r5 \|\| =2.4.17-r6 \|\| =2.4.17-r7 \|\| =2.4.18-r0 \|\| =2.4.18-r1 \|\| =2.4.18-r2 \|\| =2.4.20-r0 \|\| =2.4.20-r1 \|\| =2.4.20-r2 \|\| =2.4.23-r0 \|\| =2.4.23-r1 \|\| =2.4.23-r10 \|\| =2.4.23-r2 \|\| =2.4.23-r3 \|\| =2.4.23-r4 \|\| =2.4.23-r5 \|\| =2.4.23-r6 \|\| =2.4.23-r7 \|\| =2.4.23-r8 \|\| =2.4.23-r9 \|\| =2.4.25-r0 \|\| =2.4.25-r1 \|\| =2.4.26-r0 \|\| =2.4.27-r0 \|\| =2.4.27-r1 \|\| =2.4.27-r2 \|\| =2.4.28-r0 \|\| =2.4.29-r0 \|\| =2.4.29-r1 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.3-r2 \|\| =2.4.33-r0 \|\| =2.4.33-r1 \|\| =2.4.34-r0 \|\| =2.4.35-r0 \|\| =2.4.37-r0 \|\| =2.4.37-r1 \|\| =2.4.38-r0 \|\| =2.4.38-r1 \|\| =2.4.38-r2 \|\| =2.4.39-r0 \|\| =2.4.4-r0 \|\| =2.4.4-r1 \|\| =2.4.41-r0 \|\| =2.4.43-r0 \|\| =2.4.46-r0 \|\| =2.4.46-r1 \|\| =2.4.46-r2 \|\| =2.4.46-r3 \|\| =2.4.48-r0 \|\| =2.4.48-r1 \|\| =2.4.48-r2 \|\| =2.4.49-r1 \|\| =2.4.50-r0 \|\| =2.4.51-r0 \|\| =2.4.51-r1 \|\| =2.4.52-r0 \|\| =2.4.53-r0 \|\| =2.4.54-r0 \|\| =2.4.54-r1 \|\| =2.4.54-r2 \|\| =2.4.55-r0 \|\| =2.4.56-r0 \|\| =2.4.57-r0 \|\| =2.4.57-r1 \|\| =2.4.57-r2 \|\| =2.4.57-r3 \|\| =2.4.58-r0 \|\| =2.4.58-r1 \|\| =2.4.58-r2 \|\| =2.4.59-r0 \|\| =2.4.6-r0 \|\| =2.4.6-r1 \|\| =2.4.6-r2 \|\| =2.4.6-r3 \|\| =2.4.6-r4 \|\| =2.4.60-r0 \|\| =2.4.61-r0 \|\| =2.4.62-r0 \|\| =2.4.63-r0 \|\| =2.4.63-r1 \|\| =2.4.63-r2 \|\| =2.4.63-r3 \|\| =2.4.63-r4 \|\| =2.4.64-r0 \|\| =2.4.65-r0 \|\| =2.4.66-r0 \|\| =2.4.7-r0 \|\| =2.4.9-r0 \|\| =2.4.9-r1 \|\| >=0 <2.4.67-r0	2.4.67-r0
alpine v3.23	apache2	=2.2.16-r0 \|\| =2.2.16-r1 \|\| =2.2.16-r2 \|\| =2.2.16-r3 \|\| =2.2.17-r0 \|\| =2.2.17-r1 \|\| =2.2.17-r2 \|\| =2.2.17-r3 \|\| =2.2.17-r4 \|\| =2.2.17-r5 \|\| =2.2.20-r0 \|\| =2.2.21-r0 \|\| =2.2.21-r1 \|\| =2.2.21-r2 \|\| =2.2.21-r3 \|\| =2.2.22-r0 \|\| =2.2.22-r1 \|\| =2.4.10-r0 \|\| =2.4.12-r0 \|\| =2.4.12-r1 \|\| =2.4.12-r2 \|\| =2.4.12-r3 \|\| =2.4.12-r4 \|\| =2.4.16-r0 \|\| =2.4.17-r0 \|\| =2.4.17-r1 \|\| =2.4.17-r2 \|\| =2.4.17-r3 \|\| =2.4.17-r4 \|\| =2.4.17-r5 \|\| =2.4.17-r6 \|\| =2.4.17-r7 \|\| =2.4.18-r0 \|\| =2.4.18-r1 \|\| =2.4.18-r2 \|\| =2.4.20-r0 \|\| =2.4.20-r1 \|\| =2.4.20-r2 \|\| =2.4.23-r0 \|\| =2.4.23-r1 \|\| =2.4.23-r10 \|\| =2.4.23-r2 \|\| =2.4.23-r3 \|\| =2.4.23-r4 \|\| =2.4.23-r5 \|\| =2.4.23-r6 \|\| =2.4.23-r7 \|\| =2.4.23-r8 \|\| =2.4.23-r9 \|\| =2.4.25-r0 \|\| =2.4.25-r1 \|\| =2.4.26-r0 \|\| =2.4.27-r0 \|\| =2.4.27-r1 \|\| =2.4.27-r2 \|\| =2.4.28-r0 \|\| =2.4.29-r0 \|\| =2.4.29-r1 \|\| =2.4.3-r0 \|\| =2.4.3-r1 \|\| =2.4.3-r2 \|\| =2.4.33-r0 \|\| =2.4.33-r1 \|\| =2.4.34-r0 \|\| =2.4.35-r0 \|\| =2.4.37-r0 \|\| =2.4.37-r1 \|\| =2.4.38-r0 \|\| =2.4.38-r1 \|\| =2.4.38-r2 \|\| =2.4.39-r0 \|\| =2.4.4-r0 \|\| =2.4.4-r1 \|\| =2.4.41-r0 \|\| =2.4.43-r0 \|\| =2.4.46-r0 \|\| =2.4.46-r1 \|\| =2.4.46-r2 \|\| =2.4.46-r3 \|\| =2.4.48-r0 \|\| =2.4.48-r1 \|\| =2.4.48-r2 \|\| =2.4.49-r1 \|\| =2.4.50-r0 \|\| =2.4.51-r0 \|\| =2.4.51-r1 \|\| =2.4.52-r0 \|\| =2.4.53-r0 \|\| =2.4.54-r0 \|\| =2.4.54-r1 \|\| =2.4.54-r2 \|\| =2.4.55-r0 \|\| =2.4.56-r0 \|\| =2.4.57-r0 \|\| =2.4.57-r1 \|\| =2.4.57-r2 \|\| =2.4.57-r3 \|\| =2.4.58-r0 \|\| =2.4.58-r1 \|\| =2.4.58-r2 \|\| =2.4.59-r0 \|\| =2.4.6-r0 \|\| =2.4.6-r1 \|\| =2.4.6-r2 \|\| =2.4.6-r3 \|\| =2.4.6-r4 \|\| =2.4.60-r0 \|\| =2.4.61-r0 \|\| =2.4.62-r0 \|\| =2.4.63-r0 \|\| =2.4.63-r1 \|\| =2.4.63-r2 \|\| =2.4.63-r3 \|\| =2.4.63-r4 \|\| =2.4.64-r0 \|\| =2.4.65-r0 \|\| =2.4.66-r0 \|\| =2.4.7-r0 \|\| =2.4.9-r0 \|\| =2.4.9-r1 \|\| >=0 <2.4.67-r0	2.4.67-r0
debian 11	apache2	=2.4.48-3.1 \|\| =2.4.48-3.1+deb11u1 \|\| =2.4.48-4 \|\| =2.4.49-1 \|\| =2.4.49-1~bpo10+1 \|\| =2.4.49-1~deb11u1 \|\| =2.4.49-1~deb11u2 \|\| =2.4.49-1~deb11u3 \|\| =2.4.49-2 \|\| =2.4.49-3 \|\| =2.4.49-4 \|\| =2.4.50-1 \|\| =2.4.50-1~deb11u1 \|\| =2.4.51-1 \|\| =2.4.51-1~bpo10+1 \|\| =2.4.51-1~bpo10+2 \|\| =2.4.51-1~deb11u1 \|\| =2.4.51-2 \|\| =2.4.52-1 \|\| =2.4.52-1~bpo10+1 \|\| =2.4.52-1~deb11u1 \|\| =2.4.52-1~deb11u2 \|\| =2.4.52-2 \|\| =2.4.52-3 \|\| =2.4.53-1 \|\| =2.4.53-1~deb11u1 \|\| =2.4.53-2 \|\| =2.4.53-2~bpo10+1 \|\| =2.4.54-1 \|\| =2.4.54-1~deb11u1 \|\| =2.4.54-2 \|\| =2.4.54-3 \|\| =2.4.54-4 \|\| =2.4.54-5 \|\| =2.4.55-1 \|\| =2.4.56-1 \|\| =2.4.56-1~deb11u1 \|\| =2.4.56-1~deb11u2 \|\| =2.4.56-2 \|\| =2.4.57-1 \|\| =2.4.57-2 \|\| =2.4.57-3 \|\| =2.4.58-1 \|\| =2.4.59-1 \|\| =2.4.59-1~deb10u1 \|\| =2.4.59-1~deb11u1 \|\| =2.4.59-1~deb12u1 \|\| =2.4.59-2 \|\| =2.4.60-1 \|\| =2.4.61-1 \|\| =2.4.61-1~deb11u1 \|\| =2.4.61-1~deb12u1 \|\| =2.4.62-1 \|\| =2.4.62-1~deb11u1 \|\| =2.4.62-1~deb11u2 \|\| =2.4.62-1~deb12u1 \|\| =2.4.62-1~deb12u2 \|\| =2.4.62-2 \|\| =2.4.62-3 \|\| =2.4.62-4 \|\| =2.4.62-5 \|\| =2.4.62-6 \|\| =2.4.63-1 \|\| =2.4.64-1 \|\| =2.4.65-1 \|\| =2.4.65-1~deb11u1 \|\| =2.4.65-1~deb12u1 \|\| =2.4.65-2 \|\| =2.4.65-3 \|\| =2.4.66-1 \|\| =2.4.66-1~deb11u1 \|\| =2.4.66-1~deb12u1 \|\| =2.4.66-1~deb12u2 \|\| =2.4.66-1~deb13u1 \|\| =2.4.66-1~deb13u2 \|\| =2.4.66-2 \|\| =2.4.66-3 \|\| =2.4.66-4 \|\| =2.4.66-5 \|\| =2.4.66-6 \|\| =2.4.66-7 \|\| =2.4.66-8 \|\| >=0 <2.4.67-1~deb11u1	2.4.67-1~deb11u1
debian 12	apache2	=2.4.57-2 \|\| =2.4.57-3 \|\| =2.4.58-1 \|\| =2.4.59-1 \|\| =2.4.59-1~deb10u1 \|\| =2.4.59-1~deb11u1 \|\| =2.4.59-1~deb12u1 \|\| =2.4.59-2 \|\| =2.4.60-1 \|\| =2.4.61-1 \|\| =2.4.61-1~deb11u1 \|\| =2.4.61-1~deb12u1 \|\| =2.4.62-1 \|\| =2.4.62-1~deb11u1 \|\| =2.4.62-1~deb11u2 \|\| =2.4.62-1~deb12u1 \|\| =2.4.62-1~deb12u2 \|\| =2.4.62-2 \|\| =2.4.62-3 \|\| =2.4.62-4 \|\| =2.4.62-5 \|\| =2.4.62-6 \|\| =2.4.63-1 \|\| =2.4.64-1 \|\| =2.4.65-1 \|\| =2.4.65-1~deb11u1 \|\| =2.4.65-1~deb12u1 \|\| =2.4.65-2 \|\| =2.4.65-3 \|\| =2.4.66-1 \|\| =2.4.66-1~deb11u1 \|\| =2.4.66-1~deb12u1 \|\| =2.4.66-1~deb12u2 \|\| =2.4.66-1~deb13u1 \|\| =2.4.66-1~deb13u2 \|\| =2.4.66-2 \|\| =2.4.66-3 \|\| =2.4.66-4 \|\| =2.4.66-5 \|\| =2.4.66-6 \|\| =2.4.66-7 \|\| =2.4.66-8 \|\| =2.4.67-1~deb11u1 \|\| =2.4.67-1~deb12u1 \|\| >=0 <2.4.67-1~deb12u2	2.4.67-1~deb12u2
debian 13	apache2	=2.4.65-2 \|\| =2.4.65-3 \|\| =2.4.66-1 \|\| =2.4.66-1~deb11u1 \|\| =2.4.66-1~deb12u1 \|\| =2.4.66-1~deb12u2 \|\| =2.4.66-1~deb13u1 \|\| =2.4.66-1~deb13u2 \|\| =2.4.66-2 \|\| =2.4.66-3 \|\| =2.4.66-4 \|\| =2.4.66-5 \|\| =2.4.66-6 \|\| =2.4.66-7 \|\| =2.4.66-8 \|\| =2.4.67-1~deb11u1 \|\| =2.4.67-1~deb12u1 \|\| =2.4.67-1~deb12u2 \|\| =2.4.67-1~deb13u1 \|\| >=0 <2.4.67-1~deb13u2	2.4.67-1~deb13u2
debian 14	apache2	=2.4.65-2 \|\| =2.4.65-3 \|\| =2.4.66-1 \|\| =2.4.66-1~deb11u1 \|\| =2.4.66-1~deb12u1 \|\| =2.4.66-1~deb12u2 \|\| =2.4.66-1~deb13u1 \|\| =2.4.66-1~deb13u2 \|\| =2.4.66-2 \|\| =2.4.66-3 \|\| =2.4.66-4 \|\| =2.4.66-5 \|\| =2.4.66-6 \|\| =2.4.66-7 \|\| =2.4.66-8 \|\| =2.4.67-1~deb11u1 \|\| =2.4.67-1~deb12u1 \|\| =2.4.67-1~deb12u2 \|\| =2.4.67-1~deb13u1 \|\| =2.4.67-1~deb13u2 \|\| >=0 <2.4.67-1	2.4.67-1
rpm rhel10	httpd	-	-
rpm rhel6	httpd	-	-
rpm rhel7	httpd	-	-

1-10 of 13

Aliases

1. CVE-2026-287802. NVD-2026-287803. OSV-ALPINE-2026-287804. OSV-2026-287805. OSV-DEBIAN-2026-287806. SECURITY-CVE-2026-287807. SECURITY-TRACKER-CVE-2026-28780

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.