PT-2026-36798 · Apache+3 · Apache Http Server+3

Elhanan Haenel · Published 2026-03-20 · Updated 2026-06-08 · CVE-2026-34059

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.67

Description: A buffer over-read issue exists in the mod_proxy_ajp module, specifically within the ajp_parse_data() function. This flaw can lead to a heap over-read and memory disclosure, potentially exposing sensitive memory data. A buffer over-read occurs when a program reads more data from a buffer than it is intended to, which can lead to the leakage of adjacent memory contents.

Recommendations: Upgrade to version 2.4.67. Limit exposure and monitor for abnormal requests.

Fix

DoS

Buffer Over-read

Weakness Enumeration

Related Identifiers

ALSA-2026:21391
ALSA-2026:21433
ALSA-2026:22140
BDU:2026-06408
BIT-APACHE-2026-34059
CVE-2026-34059
OESA-2026-2316
OESA-2026-2318
OESA-2026-2319
OESA-2026-2320
OESA-2026-2401
OPENSUSE-SU-2026:10785-1
RHSA-2026:13938
USN-8239-1
USN-8396-1

Affected Products

Apache Http Server
Linuxmint
Rocky Linux
Ubuntu