Apache HTTP Server Allows Unintended Access to Restricted Resources

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Allows Unintended Access to Restricted Resources

CVE-2025-68124

Summary

Apache HTTP Server may allow unauthorized access to sensitive files if a user is able to guess a specific, reserved but unused URL. This could potentially allow an attacker to access sensitive data or perform unauthorized actions. Update the server configuration to restrict access to all unused URLs.

Original title

Rejected reason: reserved but not needed

Original description

Rejected reason: reserved but not needed

Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026