Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 security update
🔗 CVE IDs covered (10)
📋 Description
CVE-2025-53020 — mod_http2: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2026-27135 — nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-28780 — Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow CVE-2026-29168 — httpd: mod_md: unrestricted OCSP response leads to resource exhaustion CVE-2026-29169 — httpd: NULL pointer dereference via specially crafted request CVE-2026-33007 — httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash CVE-2026-33857 — httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions CVE-2026-34032 — httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check CVE-2026-34059 — httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() CVE-2026-49975 — httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2026:27200
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_4_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2379343
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2448754
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464940
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464952
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464953
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2465296
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2465299
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466753
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2466913
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2485371
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27200.json