RHSA-2026:27200HighCVSS 8.2

Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update

Published
June 22, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (10)

📋 Description

CVE-2025-53020 — mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2026-27135 — nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-28780 — Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow CVE-2026-29168 — httpd: mod_md: unrestricted OCSP response leads to resource exhaustion CVE-2026-29169 — httpd: NULL pointer dereference via specially crafted request CVE-2026-33007 — httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash CVE-2026-33857 — httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions CVE-2026-34032 — httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check CVE-2026-34059 — httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() CVE-2026-49975 — httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack

🔗 References (14)