Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header
Summary
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
What this means
In plain English
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. Memory corruption can crash the affected process and, where the advisory states code execution is possible, may expose the host to further compromise.
Vulnerable items
- Apache HTTP Server — Apache HTTP Server is a widely deployed web server for serving and proxying HTTP traffic.
Recommended action
Primary action: update to a vendor-listed fixed release: 2.4.67. Vendor mitigation: Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- Apache HTTP Server through 2.4.66
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
- 2.4.67
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.