Apache HTTP Server Buffer Over-Read Vulnerability via Outbound OCSP Requests

Vulnerability

A buffer over-read vulnerability has been identified in Apache HTTP Server in versions 2.4.0 prior to 2.4.67. The flaw lies in the mod_ssl component and is triggered when the server makes outbound OCSP requests to an attacker-controlled OCSP server. Because the responder's reply is under the attacker's control, the server can be made to read memory beyond the intended bounds of a buffer, potentially leading to information disclosure or a crash of the server process.

Impact

Exploitation of this vulnerability causes a buffer over-read, which can lead to memory corruption, information disclosure, or a crash of the Apache HTTP Server process.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.68, which addresses this vulnerability.
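As an added example, not part of this advisory and not code from the Apache project, the following POSIX shell script shows the exposure check an administrator would run before scheduling the upgrade: it parses the version out of an `httpd -v` banner, tests whether it falls in the affected range (taken here as 2.4.0 up to but not including the fixed 2.4.68 release named above), and inspects the SSL configuration for the two real mod_ssl directives that cause outbound OCSP requests, `SSLUseStapling on` (stapling) and `SSLOCSPEnable on|leaf` (client-certificate OCSP checks). The banner strings and configuration fragments below are constructed sample input; on a real host you would feed it `httpd -v` and the contents of `ssl.conf`.

```shell
#!/bin/sh
# Added example: pre-upgrade exposure check for the mod_ssl OCSP buffer
# over-read. Not from the advisory or the Apache project. Assumes the
# affected range is 2.4.0 <= v < 2.4.68 (2.4.68 being the fixed release).

# vpart VERSION N -> N-th dotted component of VERSION, "0" when absent.
vpart() {
    part=$(printf '%s\n' "$1" | cut -d. -f"$2")
    printf '%s' "${part:-0}"
}

# version_lt A B -> true (exit 0) when dotted version A < B (3 components).
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(vpart "$1" "$i")
        y=$(vpart "$2" "$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# affected_version V -> true when 2.4.0 <= V < 2.4.68.
affected_version() {
    ! version_lt "$1" 2.4.0 && version_lt "$1" 2.4.68
}

# httpd_version_from_banner BANNER -> version string from "httpd -v" output,
# e.g. "Server version: Apache/2.4.58 (Unix)" -> "2.4.58"; empty if unparsable.
httpd_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9.]*\).*|\1|p'
}

# ocsp_outbound_enabled CONFIG_TEXT -> true when a non-comment line turns on
# OCSP stapling or client-certificate OCSP validation, either of which makes
# mod_ssl contact an OCSP responder over the network.
ocsp_outbound_enabled() {
    printf '%s\n' "$1" \
      | grep -Ev '^[[:space:]]*#' \
      | grep -Eiq '^[[:space:]]*(SSLUseStapling[[:space:]]+on|SSLOCSPEnable[[:space:]]+(on|leaf))[[:space:]]*$'
}

# assess BANNER CONFIG_TEXT -> prints one verdict token; always exits 0 so it
# is safe to call under "set -e":
#   UNKNOWN_VERSION      banner could not be parsed
#   NOT_AFFECTED         version outside the affected range
#   UPGRADE_URGENT       affected version AND outbound OCSP configured
#   UPGRADE_RECOMMENDED  affected version, outbound OCSP not configured
assess() {
    ver=$(httpd_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo UNKNOWN_VERSION
    elif ! affected_version "$ver"; then
        echo NOT_AFFECTED
    elif ocsp_outbound_enabled "$2"; then
        echo UPGRADE_URGENT
    else
        echo UPGRADE_RECOMMENDED
    fi
    return 0
}

# Constructed sample input (not real hosts).
SAMPLE_BANNER='Server version: Apache/2.4.58 (Unix)'
SAMPLE_CONF='# constructed ssl.conf fragment: stapling on, so mod_ssl queries responders
SSLEngine on
#SSLOCSPEnable on
SSLUseStapling on
SSLStaplingCache shmcb:logs/ssl_stapling(32768)
SSLStaplingResponderTimeout 5
'
STAPLING_OFF_CONF='# constructed ssl.conf fragment with no outbound OCSP
SSLEngine on
SSLUseStapling off
'

printf 'host A (stapling on):  %s\n' "$(assess "$SAMPLE_BANNER" "$SAMPLE_CONF")"
printf 'host B (stapling off): %s\n' "$(assess "$SAMPLE_BANNER" "$STAPLING_OFF_CONF")"
printf 'host C (2.4.68):       %s\n' "$(assess 'Server version: Apache/2.4.68 (Unix)' "$SAMPLE_CONF")"
```

`UPGRADE_URGENT` hosts are the ones whose mod_ssl actually reaches out to OCSP responders and so can be steered to an attacker-controlled one; hosts on an affected version with no OCSP directives still get `UPGRADE_RECOMMENDED`, since a later configuration change would expose them. The check only reads the main configuration text you pass in, so include any files pulled in through `Include` directives.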

Added: Jun 8, 2026, 5:09 PM
Updated: Jun 8, 2026, 5:09 PM

Vulnerability Rating

Custom Algorithm

spread:         9.4
impact:         0.6
exploitability: 7.6
remediation:    7.7
relevance:      9.4
threat:         0.0
urgency:        2.9
incentive:      4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.