Apache 2.4.18 was among the early versions to support the HTTP/2 protocol, but several vulnerabilities were found in its implementation:
In mod_authnz_ldap, a flaw existed where, if an LDAP search returned multiple matches, Apache might authenticate using the first entry without verifying the correct password. Under certain configurations, an attacker could supply an empty password or a specially crafted username (*) to bypass LDAP authentication entirely.
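The checks that close off the three conditions described above (ambiguous search results, an empty password, a wildcard username), shown as an added example of a search-then-bind routine; this is not Apache's or mod_authnz_ldap's code. `DIRECTORY`, `search` and `bind` are constructed stand-ins for an LDAP server, and the toy `bind` is assumed to accept an empty password the way an unauthenticated bind can.

```python
import hmac
import re

# Constructed sample directory standing in for an LDAP server: uid -> (DN, password).
DIRECTORY = {
    "alice": ("uid=alice,ou=people,dc=example,dc=org", "correct horse"),
    "bob": ("uid=bob,ou=people,dc=example,dc=org", "hunter2"),
}
# RFC 4515: characters that must be escaped inside a filter assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def _unescape(part):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def search(filter_value):
    """Toy (uid=<filter_value>) search: a raw '*' is a wildcard, '\\2a' is a literal."""
    pattern = ".*".join(re.escape(_unescape(p)) for p in filter_value.split("*"))
    return [dn for uid, (dn, _) in DIRECTORY.items() if re.fullmatch(pattern, uid)]

def bind(dn, password):
    """Toy simple bind. An empty password models an unauthenticated bind (RFC 4513
    section 5.1.2), which a server may report as success without checking anything."""
    if password == "":
        return True
    stored = {d: p for d, p in DIRECTORY.values()}.get(dn)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

def authenticate(username, password):
    """Search-then-bind with the three checks the paragraph above calls for."""
    if not username or not password:        # never send an empty-password bind
        return False
    matches = search(escape_filter_value(username))  # '*' becomes a literal
    if len(matches) != 1:                   # ambiguous or missing entry: refuse
        return False
    return bind(matches[0], password)       # the bind result decides, nothing else

if __name__ == "__main__":
    print(authenticate("alice", "correct horse"))  # valid credentials
    print(authenticate("alice", ""))               # empty password
    print(authenticate("*", "hunter2"))            # wildcard username
```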
Several high-profile Common Vulnerabilities and Exposures (CVEs) affect Apache httpd 2.4.18. Among the most significant are: