httpd: Fix of 2 CVEs

🗓️ 16 Sep 2025 15:10:19Reported by CloudLinuxType

cloudlinux

cloudlinux🔗 repo.cloudlinux.com👁 3 Views

Httpd fixes two CVEs: escape handling in mod_ssl to prevent log injection and TLS upgrade removal to stop desynchronisation.

Reporter	Title	Published	Views	Family All 307
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	22 Dec 202509:22	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in httpd library (CVE-2024-47252, CVE-2025-23048, CVE-2025-49630) affect Power HMC.	20 Nov 202506:09	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.	14 Nov 202510:42	–	ibm
FreeBSD	Apache httpd -- Multiple vulnerabilities	10 Jul 202500:00	–	freebsd
Tenable Nessus	Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1125)	4 Aug 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : httpd (ALAS-2025-2958)	4 Aug 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : httpd (ALSA-2025:15023)	29 Sep 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : httpd (ALSA-2025:15095)	9 Oct 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : httpd:2.4 (ALSA-2025:15123)	4 Sep 202500:00	–	nessus
Tenable Nessus	Apache 2.4.x < 2.4.64 Multiple Vulnerabilities	11 Jul 202500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Centos	6	x86_64	httpd	2.2.15	httpd-2.2.15-72.el6.tuxcare.els10.src.rpm
Centos	6	i686	httpd-devel	2.2.15	httpd-2.2.15-72.el6.tuxcare.els10.src.rpm
Centos	6	x86_64	httpd-devel	2.2.15	httpd-2.2.15-72.el6.tuxcare.els10.src.rpm
Centos	6	noarch	httpd-manual	2.2.15	httpd-2.2.15-72.el6.tuxcare.els10.src.rpm
Centos	6	x86_64	httpd-tools	2.2.15	httpd-2.2.15-72.el6.tuxcare.els10.src.rpm
Centos	6	x86_64	mod_ssl	2.2.15	httpd-2.2.15-72.el6.tuxcare.els10.src.rpm

16 Sep 2025 15:10Current

7High risk

Vulners AI Score7

CVSS 3.17.5

EPSS0.005

SSVC

log injection mod_ssl escape tls upgrade removal desynchronisation mitigation