Wir verwenden Cookies, um unsere Webseite zu verbessern. Lesen Sie unsere Cookie-Richtlinie .

AS-2026-013: Apache HTTP Server

2026-07-01

Severity

Moderate

Status

Ongoing


Statement

The Apache Software Foundation announced multiple vulnerabilities that have been fixed in the latest release of Apache HTTP Server 2.4.68.

CVE-2026-43951 and CVE-2026-44119 will affect ASUSTOR products with Apache HTTP Server 2.4.62 installed.

  • Apache HTTP Server 2.4.68 will be released as soon as possible to App Central to resolve the issues.

Affected Products

Product Severity Fixed Release Availability
ADM 5.0 and 5.1 Moderate Ongoing.
ADM 4.3, 4.2 and 4.1 Moderate Ongoing.

Detail

  • CVE-2026-43951
    • Severity: Medium
    • CVSS3.1 Base Score: 6.5
    • CVSS3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    • Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
  • CVE-2026-44119
    • Severity: Medium
    • CVSS3.1 Base Score: 5.5
    • CVSS3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    • Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

Reference


Revision

Revision Date Description
1 2026-07-01 Initial public release.