
Multiple Apache Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-26413 CVSS:5.3

Apache Kvrocks is vulnerable to a denial of service because the SETRANGE command fails to check that the 'offset' input is a positive integer. The input is used as an index into a string, and when that index is out of range, a remote attacker could cause the server to crash.
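The missing check described above, shown as an added illustration in C++; this is not Apache Kvrocks source code. The function names, the status enum, the size cap and the zero-padding behaviour are assumptions made for the example.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdlib>
#include <string>

// Assumed upper bound on a value's size (hypothetical, chosen for this example).
constexpr std::size_t kMaxValueSize = 512 * 1024;

enum class SetRangeStatus { kOk, kNotAnInteger, kNegativeOffset, kTooLarge };

// Strict parse: the whole token must be a base-10 integer that fits in long long.
bool ParseOffset(const std::string &arg, long long *out) {
  if (arg.empty() || !(arg[0] == '-' || (arg[0] >= '0' && arg[0] <= '9')))
    return false;  // rejects "", leading whitespace and '+', which strtoll accepts
  errno = 0;
  char *end = nullptr;
  long long v = std::strtoll(arg.c_str(), &end, 10);
  if (errno == ERANGE || end != arg.c_str() + arg.size()) return false;
  *out = v;
  return true;
}

// SETRANGE-style overwrite that validates the offset before using it as an index.
SetRangeStatus SetRange(std::string &value, const std::string &offset_arg,
                        const std::string &patch) {
  long long parsed = 0;
  if (!ParseOffset(offset_arg, &parsed)) return SetRangeStatus::kNotAnInteger;
  if (parsed < 0) return SetRangeStatus::kNegativeOffset;
  // Compare in unsigned space and subtract instead of add, so nothing can wrap.
  unsigned long long offset = static_cast<unsigned long long>(parsed);
  if (offset > kMaxValueSize || patch.size() > kMaxValueSize - offset)
    return SetRangeStatus::kTooLarge;
  if (patch.empty()) return SetRangeStatus::kOk;  // nothing to write
  std::size_t off = static_cast<std::size_t>(offset);
  if (value.size() < off + patch.size())
    value.resize(off + patch.size(), '\0');  // zero-pad the gap (assumed semantics)
  value.replace(off, patch.size(), patch);
  return SetRangeStatus::kOk;
}

int main() {
  std::string v = "Hello World";  // constructed sample value
  bool ok = SetRange(v, "6", "Redis") == SetRangeStatus::kOk && v == "Hello Redis";
  bool rejected = SetRange(v, "-1", "x") == SetRangeStatus::kNegativeOffset;
  return (ok && rejected) ? 0 : 1;
}
```

The stored value is left unchanged whenever a non-OK status is returned, so a rejected request has no side effects.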

CVE-2025-27820 CVSS:7.5

Apache HttpClient could allow a remote attacker to bypass cookie management and host name verification because of a flaw in the PSL (Public Suffix List) validation logic.

Impact

  • Denial of Service
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2025-26413

  • CVE-2025-27820

Affected Vendors

Apache

Affected Products

  • Apache Kvrocks - 2.11.1
  • Apache HttpClient - 5.4.0, 5.4.1, 5.4.2

Remediation

Upgrade to the latest version, available from the Apache Website.

CVE-2025-26413

CVE-2025-27820