CVEFinder.io

CVE-2026-29170

πŸ”Ά medium
πŸ” Scan for this CVE
Summary

A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

CVSS Score
6.1
Medium
EPSS Score
0.6
Exploit Probability
Published Date
2026-06-08
First Seen: 2026-06-09
πŸ“Š Relative Risk Intelligence

This CVE is Lower Risk - more severe than 38.9% of all 328,009 vulnerabilities in our database.

#200,536
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Jun 8, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Partial
Limited system impact
πŸ† Discovered By
Pavel Kohout, Aisle Research, Aisle.com
SSVC data provided by CISA
Last Modified 2026-06-09
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-79

πŸ“¦ Affected Products 1

Vendor Product Status Affected Versions
apache http_server Affected
< 2.4.68

πŸ”— References 2

https://httpd.apache.org/security/vulnerabilities_24...
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/06/08/5
Mailing List Third Party Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-29167 β›” critical 9.8 0.7 Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apac... 2026-06-08
CVE-2026-34355 ⚠️ high 7.5 0.6 A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. U... 2026-06-08
CVE-2026-34356 ⚠️ high 7.5 0.7 Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie... 2026-06-08
CVE-2026-42535 β›” critical 9.1 0.6 A path handling issue in mod_dav_fs in Apache 2.4.67 and earlierΒ allows a WebDAV content author to directly manipulate ... 2026-06-08
CVE-2026-42536 ⚠️ high 7.5 0.5 Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content ... 2026-06-08
CVE-2026-43951 πŸ”Ά medium 6.5 0.5 Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. T... 2026-06-08
These CVEs affect the same products