Apache HTTP Server Heap-Based Buffer Overflow Vulnerability in ProxyPassReverseCookie

Vulnerability

A heap-based buffer overflow has been identified in Apache HTTP Server versions 2.4.0 up to, but not including, 2.4.67. The affected code path is reached when httpd acts as a reverse proxy and is configured with the ProxyPassReverseCookie* directives (in mod_proxy these are ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath, which rewrite the Domain and Path attributes of Set-Cookie headers returned by a backend). The trigger is a response from a malicious or compromised backend server rather than a request from an ordinary client: a crafted backend response causes the cookie-rewriting code to write past the end of a heap buffer, which can crash the worker process or, in the worst case, lead to arbitrary code execution.

Impact

Exploitation corrupts heap memory in the httpd process that handles the proxied response. The immediate effect is a crash of that process (denial of service); because heap overflows of this kind are frequently turned into control-flow hijacks, arbitrary code execution with the privileges of the httpd worker cannot be ruled out. The precondition is control over a backend that httpd proxies to, so exposure is greatest where backends are untrusted, shared between tenants, or reachable by an attacker who has already compromised one of them.

Remediation

Upgrade to Apache HTTP Server 2.4.68 or later, which addresses this vulnerability. Until the upgrade is deployed, removing the ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath directives from virtual hosts that proxy to backends you do not fully control removes the affected code path from those hosts; also confirm that the running binary reports the patched version (`httpd -v`), since package names and installed versions frequently differ.
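The following triage script is an added example, not part of this advisory or of the Apache httpd project. It ties the Vulnerability and Remediation sections together: it extracts the version from the banner printed by `httpd -v`, flags 2.4.x releases below the remediation version, and counts active ProxyPassReverseCookieDomain/ProxyPassReverseCookiePath directives in a configuration file. Assumptions of the example: 2.4.68 is used as the fixed version because that is what the Remediation section names (the affected range above ends before 2.4.67, so a 2.4.67 host is reported conservatively as needing an upgrade), the directive names are the real mod_proxy ones, and the sample configuration is constructed here for a stand-alone run.

```shell
#!/bin/sh
# Added triage helper for the ProxyPassReverseCookie* heap overflow advisory.
# Not the advisory's or httpd's own code. Assumption: the fixed version is the
# one named in the Remediation section.
FIXED_VERSION="2.4.68"

# version_lt A B : exit 0 when dotted version A sorts strictly below B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" \
        | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# httpd_version_from_banner BANNER : "Server version: Apache/2.4.62 (Unix)" -> 2.4.62
httpd_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*Apache\/\([0-9][0-9.]*\).*/\1/p' | head -n1
}

# httpd_needs_upgrade VERSION : exit 0 for a 2.4.x release below FIXED_VERSION.
# Only 2.4.x is in scope per the advisory; anything else is reported as not affected.
httpd_needs_upgrade() {
    case "$1" in
        2.4.*) version_lt "$1" "$FIXED_VERSION" ;;
        *)     return 1 ;;
    esac
}

# proxy_cookie_directives CONFIG_FILE : print active (uncommented)
# ProxyPassReverseCookieDomain / ProxyPassReverseCookiePath lines.
# Include directives are not followed; run it on each config file separately.
proxy_cookie_directives() {
    grep -iE '^[[:space:]]*ProxyPassReverseCookie(Domain|Path)[[:space:]]' "$1" \
        2>/dev/null || true
}

# count_proxy_cookie_directives CONFIG_FILE : number of such lines.
count_proxy_cookie_directives() {
    proxy_cookie_directives "$1" | wc -l | tr -d ' '
}

# triage VERSION CONFIG_FILE : one-line verdict combining both checks.
triage() {
    n=$(count_proxy_cookie_directives "$2")
    if httpd_needs_upgrade "$1"; then
        if [ "$n" -gt 0 ]; then
            echo "VULNERABLE-CONFIG: httpd $1 < $FIXED_VERSION with $n cookie-rewrite directive(s)"
        else
            echo "UPGRADE: httpd $1 < $FIXED_VERSION (no cookie-rewrite directives in $2)"
        fi
    else
        echo "OK: httpd $1 is at or above $FIXED_VERSION"
    fi
}

# write_sample_conf PATH : constructed sample vhost config (not a real deployment).
# One ProxyPassReverseCookiePath line is commented out to show it is not counted.
write_sample_conf() {
    cat > "$1" <<'EOF'
ProxyPass        "/app/" "http://backend.internal:8080/"
ProxyPassReverse "/app/" "http://backend.internal:8080/"
ProxyPassReverseCookieDomain backend.internal www.example.com
#ProxyPassReverseCookiePath / /app/
ProxyPassReverseCookiePath  /  /app/
EOF
}

# Stand-alone demo against the constructed config and a constructed banner.
SAMPLE_CONF="${TMPDIR:-/tmp}/sample-proxy-$$.conf"
write_sample_conf "$SAMPLE_CONF"
triage "$(httpd_version_from_banner 'Server version: Apache/2.4.62 (Unix)')" "$SAMPLE_CONF"
rm -f "$SAMPLE_CONF"
```

On a real host, replace the constructed banner with the output of `httpd -v` (or `apache2 -v` on Debian-derived systems) and point the second argument at each configuration file that defines proxied virtual hosts; `httpd -M` confirms whether mod_proxy is loaded at all. A host whose binary is below the fixed version but carries no cookie-rewrite directives still needs the upgrade, only the immediate attack surface described in this advisory is absent.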

Added: Jun 8, 2026, 5:19 PM
Updated: Jun 8, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread          9.4
impact          0.6
exploitability  7.6
remediation     7.7
relevance       9.4
threat          0.0
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.