Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.
The mod_proxy_ajp module establishes a connection with an AJP backend. If the backend is malicious or has been compromised by an attacker, it can send a crafted AJP message. In response to such a message, mod_proxy_ajp writes 4 bytes controlled by the attacker beyond the end of the buffer allocated on the heap (heap-based buffer overflow, CWE-122). The error results from the lack of proper boundary verification during AJP response processing.
An attacker controlling an AJP server connected to the vulnerable mod_proxy_ajp can cause memory corruption, potentially resulting in arbitrary code execution (RCE), privilege escalation, or HTTP server process crash.
Apache HTTP Server should be updated to version 2.4.67 or later, which contains a patch eliminating the vulnerability. Details available at: https://httpd.apache.org/security/vulnerabilities_24.html
Apache HTTP Server in versions up to and including 2.4.66, when the mod_proxy_ajp module is configured.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache HTTP Server
APPApache< 2.4.67
Related vulnerabilities
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could ...
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a ...
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Use-after-free w Apache HTTP Server z mod_ldap (CVE-2026-29167)