PT-2026-37041 · Apache+2 · Apache Http Server+2

Pavel Kohout

Published

2026-03-02

Updated

2026-06-20

CVE-2026-29168

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.30 through 2.4.66

Description An issue exists in the mod md module where resource allocation occurs without limits or throttling when processing OCSP response data. OCSP (Online Certificate Status Protocol) is a protocol used to determine the current revocation status of a digital certificate.

Recommendations Upgrade to version 2.4.67.

Fix

DoS

Allocation of Resources Without Limits

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-476

Related Identifiers

BDU:2026-06409

BIT-APACHE-2026-29168

CVE-2026-29168

OESA-2026-2316

OESA-2026-2318

OESA-2026-2319

OESA-2026-2320

OESA-2026-2401

OPENSUSE-SU-2026:10785-1

SUSE-SU-2026:22199-1

SUSE-SU-2026:22209-1

USN-8239-1

Affected Products

Apache Http Server

Linuxmint

Ubuntu

PT-2026-37041 · Apache+2 · Apache Http Server+2

CVE-2026-29168

Weakness Enumeration

Related Identifiers

Affected Products

References · 77