CVE-2026-28780

CVSS-Score: 9.8 EPSS (FIRST): Score -, Perzentil - EPSS Stand: - Veroeffentlicht (CVE.org): 2026-05-05 Zuletzt angereichert: 2026-05-14 20:48 UTC

### Eintraege mit Bezug zu CVE-2026-28780

[UPDATE] [hoch] Apache HTTP Server: Mehrere Schwachstellen

 2026-05-13 10:00 HIGH CERT-Bund (BSI) government_cert

DSA-6248-1 apache2 - security update

 2026-05-06 00:00 MEDIUM Debian Security distro_advisory

CVE-2026-28780: Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

 2026-05-04 00:00 CRITICAL Apache HTTP Server Security (httpd.org JSON) vendor_advisory
Alle CVEs