genisis__
MVP Silver

Apache Vulnerabilities

PhoneBoy
Admin

Most of these CVEs are for modules/functions we don't use in our implementation, as near as I can tell.
Having said that, if you're looking for an official answer, that'll require a TAC case. 

genisis__
MVP Silver

Thanks. I will raise a TAC case for a formal response.

TAC have come back with the below:

  • CVE-2026-23918 - Not vulnerable. The vulnerability affects only Apache HTTP Server 2.4.66; the product ships with version 2.4.61, which is not in the affected range.
  • CVE-2026-29168 - Not vulnerable. mod_md is not shipped with our images.
  • CVE-2026-24072 - Not exploitable. The product does not allow non-administrative users to author .htaccess files. Only the root/admin user has write access to the web tree, so there is no privilege boundary for the bug to cross. Additionally, AllowOverride None is configured, so .htaccess files would be ignored even if planted.
  • CVE-2026-29169 - Not exploitable. mod_dav_lock is loaded as a default module but is not configured: no Dav directives and no DavGenericLockDB exist in the Apache configuration.
  • CVE-2026-33006 - Not exploitable. The product does not use HTTP Digest authentication.
  • CVE-2026-33007 - Not exploitable. The product is not configured as a forward proxy. The vulnerable code path requires a caching forward proxy configuration.
  • CVE-2026-33523 - Not exploitable. The product does not relay HTTP responses from untrusted or third-party backend servers.
  • CVE-2026-28780 - Not exploitable - AJP module is shipped, but not loaded with default configuration. The product does not use the AJP protocol.
  • CVE-2026-33857 - Not exploitable - AJP module is shipped, but not loaded with default configuration. The product does not use the AJP protocol.
  • CVE-2026-34032 - Not exploitable - AJP module is shipped, but not loaded with default configuration. The product does not use the AJP protocol.
  • CVE-2026-34059 - Not exploitable - AJP module is shipped, but not loaded with default configuration. The product does not use the AJP protocol.

Additionally, the below will be updated soon as well:
sk182900 - Check Point response to Apache HTTP Server CVEs
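Several of the "not exploitable" answers above depend on configuration state rather than on the Apache version, so they only hold while that state is unchanged. The following is an added example, not part of the thread and not Check Point tooling: a Python check that scans Apache configuration text for the preconditions TAC names. The `CHECKS` table, the `audit` function and both sample configurations (including the `/web` path) are constructed for illustration.

```python
import re

# (CVE ids, what changed, regex on one active directive line). Preconditions
# are the ones named in the TAC reply; the table itself is an assumption.
AJP = ("CVE-2026-28780", "CVE-2026-33857", "CVE-2026-34032", "CVE-2026-34059")
CHECKS = [
    (("CVE-2026-29168",), "mod_md is loaded", r"LoadModule\s+md_module\b"),
    (("CVE-2026-24072",), "AllowOverride is not None",
     r"AllowOverride\s+(?!None\s*$)\S"),
    (("CVE-2026-29169",), "Dav or DavGenericLockDB is configured",
     r"Dav(?:GenericLockDB\s+\S|\s+(?!Off\b)\S)"),
    (("CVE-2026-33006",), "Digest auth in use", r"AuthType\s+Digest\b"),
    (("CVE-2026-33007",), "forward proxy enabled", r"ProxyRequests\s+On\b"),
    (AJP, "mod_proxy_ajp is loaded", r"LoadModule\s+proxy_ajp_module\b"),
]

def audit(config_text):
    """Return (line number, reason, CVE ids) for each precondition found."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        for cves, reason, pattern in CHECKS:
            if re.match(pattern, line, re.IGNORECASE):
                findings.append((lineno, reason, cves))
    return findings

# Constructed sample of the state TAC describes (dav_lock loaded, AJP not).
BASELINE = """\
LoadModule dav_lock_module modules/mod_dav_lock.so
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
<Directory "/web">
    AllowOverride None
</Directory>
"""

# Constructed sample of a drifted configuration.
DRIFTED = """\
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
<Directory "/web">
    AllowOverride AuthConfig
    AuthType Digest
</Directory>
"""

if __name__ == "__main__":
    for name, text in (("baseline", BASELINE), ("drifted", DRIFTED)):
        print(name, audit(text) or "no preconditions present")
```

The check reads only the text it is given and does not follow `Include` directives, so run it over the merged configuration; the version-based answer for CVE-2026-23918 and the backend-trust answer for CVE-2026-33523 are outside what it can verify.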
