Apache HTTP Server Buffer Underwrite Vulnerability via Crafted Regular Expressions

Vulnerability

A buffer underwrite vulnerability has been identified in Apache HTTP Server versions 2.4.0 and later, prior to 2.4.67. The vulnerability arises in the core server when it handles regular expressions in the configuration, allowing for potential memory manipulation.

Impact

Exploitation of this vulnerability leads to a buffer underwrite, where data is written before the start of the allocated buffer, potentially causing memory corruption.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.68, which addresses this vulnerability.
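
A version triage check built from the ranges stated above, as an added example (not code from Apache or from this advisory); the function names and sample banners are constructed for illustration. Version 2.4.67 is reported separately because the advisory lists releases prior to 2.4.67 as affected but names 2.4.68 as the upgrade target.

```shell
#!/bin/sh
# Added example: triage an Apache httpd version against this advisory's ranges.
AFFECTED_FROM="2.4.0"     # advisory: first affected version
AFFECTED_BEFORE="2.4.67"  # advisory: affected versions are prior to this
RECOMMENDED="2.4.68"      # advisory: upgrade target

# Pull "x.y.z" out of `httpd -v` output or a Server response header.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*Apache\/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# ver_lt A B: succeeds when A < B, comparing each component numerically
# (so 2.4.9 sorts before 2.4.67, unlike a string comparison).
ver_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # $1 $2 $3 = A, $4 $5 $6 = B
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Prints one of: unknown, outside-stated-range, affected, below-recommended, ok
classify_httpd() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"                 # banner hides the version
    elif ver_lt "$v" "$AFFECTED_FROM"; then
        echo "outside-stated-range"    # older than the advisory covers
    elif ver_lt "$v" "$AFFECTED_BEFORE"; then
        echo "affected"
    elif ver_lt "$v" "$RECOMMENDED"; then
        echo "below-recommended"       # not listed as affected, not yet 2.4.68
    else
        echo "ok"
    fi
}

# Constructed sample banners; on a host, pass "$(httpd -v)" instead.
for banner in "Server version: Apache/2.4.58 (Ubuntu)" \
              "Server version: Apache/2.4.67 (Unix)" \
              "Server: Apache/2.4.68 (Unix)" \
              "Server: Apache"; do
    printf '%-42s %s\n' "$banner" "$(classify_httpd "$banner")"
done
```

Distribution packages often backport fixes without changing the upstream version number, so an "affected" result is a prompt to check the vendor's package changelog rather than a final verdict.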

Added: Jun 8, 2026, 5:02 PM
Updated: Jun 8, 2026, 5:02 PM

Vulnerability Rating

Custom Algorithm

spread: 9.4
impact: 0.6
exploitability: 3.5
remediation: 7.7
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.