◉ RSS Vulners Blog

CVE-2026-34059

A critical heap-based buffer over-read vulnerability exists in the mod_proxy_ajp module of Apache HTTP Server, specifically within the ajp_parse_data function when handling AJP protocol messages. This flaw allows attackers to read beyond allocated memory boundaries, potentially resulting in sensitive data disclosure or service denial. The vulnerability is identified as CVE-2026-34059 and requires immediate administrative intervention to prevent exploitation. System administrators can mitigate the risk by disabling the mod_proxy_ajp module and restarting the httpd service to restore secure operation.

CVE-2026-34032

A critical vulnerability in the mod_proxy_ajp module of Apache HTTP Server enables heap-based buffer over-reads when processing AJP protocol messages without proper null-termination checks. This flaw allows attackers to disclose sensitive memory contents or trigger denial of service conditions through malformed requests. The issue specifically impacts the interaction between the server and AJP clients, creating a direct path for exploitation. Administrators must disable the mod_proxy_ajp module and restart the httpd service to immediately mitigate the risk.