Primary

Context

Apache HTTP Server Out-of-Bounds Read Vulnerability in mod_headers and mod_mime

Vulnerability

Patched

An out-of-bounds read vulnerability has been identified in Apache HTTP Server versions 2.4.0 prior to 2.4.67. This vulnerability occurs in the 'merge_response_headers' function, where improper handling of multiple response languages can lead to memory access violations. The issue is present when both mod_headers and mod_mime are enabled, and can cause the server to crash.

Impact

Exploitation of this vulnerability leads to a memory access violation, causing the server to crash.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.68, which addresses this vulnerability.

Added: Jun 8, 2026, 5:12 PM

Updated: Jun 8, 2026, 5:12 PM

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.6

exploitability

7.2

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.4

impact

0.6

exploitability

7.2

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache HTTP Server Out-of-Bounds Read Vulnerability in mod_headers and mod_mime

Vulnerability

Impact

Remediation

Affected Products

Apache HTTP Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating