Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
Medium

Apache HTTP Server mod_proxy_ajp heap buffer over-read in ajp_msg_get_string

IdentifiersCVE-2026-34032CWE-170· Improper Null Termination

CVE-2026-34032 is an improper null termination vulnerability in Apache HTTP Server's mod_proxy_ajp component. The flaw is described as a heap-based buffer over-read caused by a missing null-termination check in the ajp_msg_get_string function. A crafted AJP message can cause the function to read past the intended string boundary on the heap, resulting in an out-of-bounds read. The issue affects Apache HTTP Server versions through 2.4.66 and was fixed in 2.4.67.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause limited disclosure of restricted information due to a heap out-of-bounds read. Available scoring information indicates confidentiality impact is low, with no demonstrated integrity or availability impact. The published CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating remote network exploitation with low attack complexity, no privileges, and no user interaction.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, reduce exposure of mod_proxy_ajp and the AJP processing path. Disable mod_proxy_ajp if it is not required, and restrict access to any AJP-facing or proxy paths to trusted systems only. More generally, minimize network reachability to services and back-end integrations that process AJP traffic until the fixed version can be deployed. Specific vendor-provided mitigations beyond upgrading were not provided in the supplied content.

Remediation

Patch, then assume compromise.

Upgrade Apache HTTP Server to version 2.4.67 or later. Apache states that version 2.4.67 fixes this issue in mod_proxy_ajp.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Apache Software FoundationHttp Serverapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

15 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

15 SOURCESView more in app
msrc microsoftNews
May 7, 2026
CVE-2026-34032 - Security Update Guide - Microsoft - Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

A heap buffer over-read vulnerability in Apache HTTP Server's mod_proxy_ajp component caused by a missing null-termination check in ajp_msg_get_string. The content indicates it is remotely exploitable over the network and primarily impacts confidentiality.

Read more
opennetNews
Dec 25, 2025
� Apache httpd 2.4.67 ��������� ���������� � HTTP/2, �� ����������� ���̣���� ���������� ����

Apache HTTP Server mod_proxy_ajp flaw that can cause a server crash due to improper handling of malformed input.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity8

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-34032
NVD
nvd.nist.gov/vuln/detail/CVE-2026-34032
MITRE CWE · CWE-170
Improper Null Termination
Vendor Advisory
httpd.apache.org/security/vulnerabilities_24.html
Third Party Advisory
openwall.com/lists/oss-security/2026/05/04/16