| date | title | tags | description |
|---|---|---|---|
| | CVE-2025-49630: Reachable Assertion in Apache mod_proxy_http2 — Discovered While Hunting CVE-2024-38477 | apache cve assertion mod_proxy http2 dos crlf 0-day | How I discovered CVE-2025-49630 — a reachable assertion in `h2_proxy_util.c` that crashes all Apache workers with a single netcat command. Affects Apache 2.4.26 through 2.4.63. Fixed in 2.4.64. |
| | 1-Day Analysis: CVE-2024-38477 — NULL Pointer Dereference in Apache mod_proxy | apache cve null-pointer mod_proxy dos 1-day patch-diffing | 1-day analysis of CVE-2024-38477: a NULL pointer dereference in `ap_proxy_determine_connection()` when `apr_uri_parse()` returns success but leaves hostname NULL. Includes patch diff, GDB crash validation, and an honest account of failed exploitation attempts. |
| | From Cookie Parser to Crash: Root Cause Analysis of CVE-2021-26690 | apache cve null-pointer mod_session dos 1-day patch-diffing | Deep dive into CVE-2021-26690 — a NULL pointer dereference in Apache HTTP Server's mod_session that allows unauthenticated remote DoS via a crafted Cookie header. |