Multiple CVEs Disclosed for Apache HTTP Server Vulnerabilities

Multiple CVEs Disclosed for Apache HTTP Server Vulnerabilities

First seen 18 Feb 2026, 11:17 UTC Api.Msrc.Microsoft 79% similarity 65.0

Article Content

Browse articles
ThreatCluster

Four vulnerabilities affecting the Apache HTTP Server have been disclosed, including source code disclosures and denial-of-service (DoS) issues. The vulnerabilities, identified as CVE-2024-39884, CVE-2024-40725, CVE-2024-27316, and CVE-2024-36387, impact configurations using AddType and HTTP/2 features. Organizations using affected versions of Apache HTTP Server should assess their systems for these vulnerabilities.

ThreatCluster AI

Timeline

2024-04-04
CVE-2024-27316 published
2024-04-09
First public PoC for CVE-2024-27316
2024-07-01
CVE-2024-36387 published
2024-07-04
CVE-2024-39884 published
2024-07-18
CVE-2024-40725 published
2024-07-19
First public PoC for CVE-2024-40725
2026-02-18
Information published about all four CVEs

Community

Browse all →