Vulnerability-Lookup

RHSA-2026:17080

Vulnerability from csaf_redhat - Published: 2026-05-13 14:50 - Updated: 2026-05-20 16:13

Summary

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Severity

Moderate

Notes

Topic: An update for Red Hat Hardened Images RPMs is now available.

Details: This update includes the following RPMs: httpd: * httpd-2.4.67-1.hum1 (aarch64, x86_64) * httpd-core-2.4.67-1.hum1 (aarch64, x86_64) * httpd-devel-2.4.67-1.hum1 (aarch64, x86_64) * httpd-filesystem-2.4.67-1.hum1 (noarch) * httpd-manual-2.4.67-1.hum1 (noarch) * httpd-tools-2.4.67-1.hum1 (aarch64, x86_64) * mod_ldap-2.4.67-1.hum1 (aarch64, x86_64) * mod_lua-2.4.67-1.hum1 (aarch64, x86_64) * mod_proxy_html-2.4.67-1.hum1 (aarch64, x86_64) * mod_session-2.4.67-1.hum1 (aarch64, x86_64) * mod_ssl-2.4.67-1.hum1 (aarch64, x86_64) * httpd-2.4.67-1.hum1.src (src)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-29169

A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:httpd-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Low

CVE-2026-33006

A flaw was found in the mod_auth_digest module of httpd. A remote unauthenticated attacker can bypass digest authentication by measuring timing discrepancies of requests. This issue leads to unauthorized access to resources protected by digest authentication.

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-208 - Observable Timing Discrepancy

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:httpd-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-33523

A flaw was found in httpd. When processing responses from an untrusted or compromised backend server, multiple modules fail to sanitize Carriage Return and Line Feed (CRLF) sequences in the HTTP status line. This issue leads to an HTTP response splitting attack.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-443 - CWE-443

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:httpd-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:httpd-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

20 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:17080	self
https://images.redhat.com/	external
https://access.redhat.com/security/cve/CVE-2026-33523	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/cve/CVE-2026-29169	external
https://access.redhat.com/security/cve/CVE-2026-33006	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-29169	self
https://bugzilla.redhat.com/show_bug.cgi?id=2465296	external
https://www.cve.org/CVERecord?id=CVE-2026-29169	external
https://nvd.nist.gov/vuln/detail/CVE-2026-29169	external
https://httpd.apache.org/security/vulnerabilities…	external
https://access.redhat.com/security/cve/CVE-2026-33006	self
https://bugzilla.redhat.com/show_bug.cgi?id=2465293	external
https://www.cve.org/CVERecord?id=CVE-2026-33006	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33006	external
https://access.redhat.com/security/cve/CVE-2026-33523	self
https://bugzilla.redhat.com/show_bug.cgi?id=2465297	external
https://www.cve.org/CVERecord?id=CVE-2026-33523	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33523	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nhttpd:\n  * httpd-2.4.67-1.hum1 (aarch64, x86_64)\n  * httpd-core-2.4.67-1.hum1 (aarch64, x86_64)\n  * httpd-devel-2.4.67-1.hum1 (aarch64, x86_64)\n  * httpd-filesystem-2.4.67-1.hum1 (noarch)\n  * httpd-manual-2.4.67-1.hum1 (noarch)\n  * httpd-tools-2.4.67-1.hum1 (aarch64, x86_64)\n  * mod_ldap-2.4.67-1.hum1 (aarch64, x86_64)\n  * mod_lua-2.4.67-1.hum1 (aarch64, x86_64)\n  * mod_proxy_html-2.4.67-1.hum1 (aarch64, x86_64)\n  * mod_session-2.4.67-1.hum1 (aarch64, x86_64)\n  * mod_ssl-2.4.67-1.hum1 (aarch64, x86_64)\n  * httpd-2.4.67-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:17080",
        "url": "https://access.redhat.com/errata/RHSA-2026:17080"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33523",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33523"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-29169",
        "url": "https://access.redhat.com/security/cve/CVE-2026-29169"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33006",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33006"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_17080.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-05-20T16:13:21+00:00",
      "generator": {
        "date": "2026-05-20T16:13:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2026:17080",
      "initial_release_date": "2026-05-13T14:50:31+00:00",
      "revision_history": [
        {
          "date": "2026-05-13T14:50:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-15T02:35:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-20T16:13:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-main@aarch64",
                "product": {
                  "name": "httpd-main@aarch64",
                  "product_id": "httpd-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.67-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-main@src",
                "product": {
                  "name": "httpd-main@src",
                  "product_id": "httpd-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.67-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-main@x86_64",
                "product": {
                  "name": "httpd-main@x86_64",
                  "product_id": "httpd-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.67-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-main@noarch",
                "product": {
                  "name": "httpd-main@noarch",
                  "product_id": "httpd-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-filesystem@2.4.67-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:httpd-main@aarch64"
        },
        "product_reference": "httpd-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:httpd-main@noarch"
        },
        "product_reference": "httpd-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:httpd-main@src"
        },
        "product_reference": "httpd-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:httpd-main@x86_64"
        },
        "product_reference": "httpd-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-29169",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2026-05-04T15:01:18.611919+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2465296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_dav_lock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_dav_lock: NULL pointer dereference via specially crafted request",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue allows an unauthenticated remote attacker to crash the server via a specially crafted request. However, the mod_dav_lock module is obsolete and rarely enabled in modern environments. The only known use-case for the module was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Due to this reason, this vulnerability has been rated with a low severity.\n\nThis flaw only affects configurations with mod_dav_lock loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:httpd-main@aarch64",
          "Red Hat Hardened Images:httpd-main@noarch",
          "Red Hat Hardened Images:httpd-main@src",
          "Red Hat Hardened Images:httpd-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-29169"
        },
        {
          "category": "external",
          "summary": "RHBZ#2465296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465296"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-29169",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-29169"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29169"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T14:48:29.832000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-13T14:50:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:17080"
        },
        {
          "category": "workaround",
          "details": "Disabling mod_dav_lock and restarting httpd will mitigate this flaw.",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_dav_lock: NULL pointer dereference via specially crafted request"
    },
    {
      "cve": "CVE-2026-33006",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "discovery_date": "2026-05-04T15:01:10.207549+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2465293"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_auth_digest module of httpd. A remote unauthenticated attacker can bypass digest authentication by measuring timing discrepancies of requests. This issue leads to unauthorized access to resources protected by digest authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_auth_digest: timing attack allows a bypass of digest authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this vulnerability, an attacker needs to send a high volume of specific requests to the server. These payloads are used to trigger the vulnerable and non-constant-time code path to perform statistical analysis on the resulting timing variations, increasing the complexity of exploitation. The primary security impact of this issue is the unauthorized access to resources protected by digest authentication. Due to these reasons, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:httpd-main@aarch64",
          "Red Hat Hardened Images:httpd-main@noarch",
          "Red Hat Hardened Images:httpd-main@src",
          "Red Hat Hardened Images:httpd-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33006"
        },
        {
          "category": "external",
          "summary": "RHBZ#2465293",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465293"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33006"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33006",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33006"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T14:42:03.473000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-13T14:50:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:17080"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_auth_digest: timing attack allows a bypass of digest authentication"
    },
    {
      "cve": "CVE-2026-33523",
      "cwe": {
        "id": "CWE-443",
        "name": "CWE-443"
      },
      "discovery_date": "2026-05-04T15:01:21.624499+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2465297"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in httpd. When processing responses from an untrusted or compromised backend server, multiple modules fail to sanitize Carriage Return and Line Feed (CRLF) sequences in the HTTP status line. This issue leads to an HTTP response splitting attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: HTTP response splitting forwarding malicious status line",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this vulnerability, the Apache HTTP Server must be configured to connect to an untrusted or compromised backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:httpd-main@aarch64",
          "Red Hat Hardened Images:httpd-main@noarch",
          "Red Hat Hardened Images:httpd-main@src",
          "Red Hat Hardened Images:httpd-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33523"
        },
        {
          "category": "external",
          "summary": "RHBZ#2465297",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465297"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33523",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33523"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33523",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33523"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T14:40:41.430000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-13T14:50:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:17080"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:httpd-main@aarch64",
            "Red Hat Hardened Images:httpd-main@noarch",
            "Red Hat Hardened Images:httpd-main@src",
            "Red Hat Hardened Images:httpd-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: HTTP response splitting forwarding malicious status line"
    }
  ]
}

CVE-2026-29169 (GCVE-0-2026-29169)

Vulnerability from cvelistv5 – Published: 2026-05-04 14:48 – Updated: 2026-05-05 20:23

Title

Apache HTTP Server: mod_dav_lock indirect lock crash

Summary

A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Users are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock.

Severity

No CVSS data available.

CWE

CWE-476 - NULL Pointer Dereference

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 0 , ≤ 2.4.66 (semver)

Credits

Pavel Kohout, Aisle Research, Aisle.com

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-29169",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T15:52:40.756863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T15:53:03.670Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-05T20:23:49.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/20"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/05/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.66",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pavel Kohout, Aisle Research, Aisle.com"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs.\u003cbr\u003e\u003cbr\u003eThe only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock.\u003cbr\u003e"
            }
          ],
          "value": "A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs.\n\nThe only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T14:48:29.832Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-04T11:46:00.000Z",
          "value": "Report received"
        },
        {
          "lang": "eng",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "2.4.67 released"
        },
        {
          "lang": "en",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "fixed in 2.4.x by r1933354"
        }
      ],
      "title": "Apache HTTP Server: mod_dav_lock indirect lock crash",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-29169",
    "datePublished": "2026-05-04T14:48:29.832Z",
    "dateReserved": "2026-03-04T11:50:32.014Z",
    "dateUpdated": "2026-05-05T20:23:49.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33006 (GCVE-0-2026-33006)

Vulnerability from cvelistv5 – Published: 2026-05-04 14:42 – Updated: 2026-05-04 18:23

Title

Apache HTTP Server: mod_auth_digest timing attack

Summary

A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Severity

No CVSS data available.

CWE

CWE-208 - Observable Timing Discrepancy

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 0 , ≤ 2.4.66 (semver)

Credits

Nitescu Lucian

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-04T17:32:47.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/21"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-33006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T15:12:29.723872Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T18:23:55.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.66",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nitescu Lucian"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.67, which fixes this issue."
            }
          ],
          "value": "A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208 Observable Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T14:42:03.473Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-09T09:08:00.000Z",
          "value": "Report received"
        },
        {
          "lang": "eng",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "2.4.67 released"
        },
        {
          "lang": "en",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "fixed in 2.4.x by r1933356"
        }
      ],
      "title": "Apache HTTP Server: mod_auth_digest timing attack",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-33006",
    "datePublished": "2026-05-04T14:42:03.473Z",
    "dateReserved": "2026-03-17T16:42:48.946Z",
    "dateUpdated": "2026-05-04T18:23:55.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33523 (GCVE-0-2026-33523)

Vulnerability from cvelistv5 – Published: 2026-05-04 14:40 – Updated: 2026-05-04 17:32

Title

Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

Summary

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-443 - HTTP response splitting

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.0 , ≤ 2.4.66 (semver)

Credits

Haruki Oyama (Waseda University) Merih Mengisteab Dawit Jeong

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-33523",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T15:55:00.471385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T15:56:35.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-04T17:32:49.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/23"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.66",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Haruki Oyama (Waseda University)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Merih Mengisteab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Dawit Jeong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from through 2.4.66.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.67, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.\n\nThis issue affects Apache HTTP Server: from through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-443",
              "description": "CWE-443: HTTP response splitting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T14:40:41.430Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-05T12:00:00.000Z",
          "value": "reported"
        },
        {
          "lang": "eng",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "2.4.67 released"
        },
        {
          "lang": "en",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "fixed in 2.4.x by r1933360"
        }
      ],
      "title": "Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-33523",
    "datePublished": "2026-05-04T14:40:41.430Z",
    "dateReserved": "2026-03-20T17:29:39.696Z",
    "dateUpdated": "2026-05-04T17:32:49.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:17080

CVE-2026-29169 (GCVE-0-2026-29169)

CVE-2026-33006 (GCVE-0-2026-33006)

CVE-2026-33523 (GCVE-0-2026-33523)

Tags

Sightings

Nomenclature