Apache HTTP Server Discloses Password Disclosure Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Discloses Password Disclosure Risk

CVE-2024-34154

Summary

Apache HTTP Server can accidentally expose user passwords when handling form submissions. This can happen when a user submits a form with a password field, but the form is rejected due to validation errors. To protect your server, update Apache HTTP Server to the latest version.

Original title

Rejected reason: reserved but not needed

Original description

Rejected reason: reserved but not needed

Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026