MiracleLinux 8 : httpd:2.4 (AXSA:2024-8622:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8622:01 advisory. httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of outpu...

MiracleLinux 9 : mod_proxy_cluster-1.3.22-1.el9_6.1 (AXSA:2025-10590:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10590:02 advisory. modproxycluster: modproxycluster unauthorized MCMP requests CVE-2024-10306 Tenable has extracted the preceding description block directly from the...

Oracle Linux 7 : httpd (ELSA-2026-0075)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0075 advisory. - Fix CVE-2025-58098 Orabug: 38816066 - Fixed security update CVE-2024-47252 CVE-2025-49812 Orabug: 38378160 - Differentiate trusted sources Orabug:...

httpd security update

2.4.6-99.0.9.1 - Fix CVE-2025-58098 Orabug: 38816066 2.4.6-99.0.7.1 - Fixed security update CVE-2024-47252 CVE-2025-49812 Orabug: 38378160 2.4.6-99.0.5.1 - Differentiate trusted sources Orabug: 37100272CVE-2024-38476 2.4.6-99.0.3.1 - Opt-ins for unsafe prefixstat and %3f Orabug:...

Astra Linux – Vulnerability in Apache2

In the Apache HTTP Server with modproxy loaded, SSRF allows an attacker to send outbound proxy requests to a URL controlled by the attacker. This requires a unusual configuration, where modheaders is used to modify the Content-Type header of the request or response, with a value provided in the...

CLSA-2025-1761747106 Fix CVE(s): CVE-2024-38477

SECURITY UPDATE: null pointer dereference in modproxy - debian/patches/CVE-2024-38477.patch: validate hostname in modules/proxy/proxyutil.c. Restart from the original URL on reconnect in modules/http2/modproxyhttp2.c. - CVE-2024-38477...

EulerOS 2.0 SP13 : httpd (EulerOS-SA-2025-2262)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications...

RockyLinux 9 : mod_http2 (RLSA-2025:14983)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:14983 advisory. httpd: modproxyhttp2: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module CVE-2025-49630 Tenable has extracted the...

Unity Linux 20.1070e Security Update: mod_http2 (UTSA-2025-986109)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986109 advisory. In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing...

Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987458)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987458 advisory. SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely...

RockyLinux 10 : mod_http2 (RLSA-2025:14625)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:14625 advisory. httpd: modproxyhttp2: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module CVE-2025-49630 Tenable has extracted the...

RockyLinux 9 : mod_proxy_cluster (RLSA-2025:9434)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9434 advisory. modproxycluster: modproxycluster unauthorized MCMP requests CVE-2024-10306 Tenable has extracted the preceding description block directly from the RockyLinux...

RockyLinux 10 : mod_proxy_cluster (RLSA-2025:9466)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:9466 advisory. modproxycluster: modproxycluster unauthorized MCMP requests CVE-2024-10306 Tenable has extracted the preceding description block directly from the RockyLinux...

RLSA-2025:9434 Moderate: mod_proxy_cluster security update

The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: modproxycluster: modproxycluster unauthorized MCMP requests CVE-2024-10306 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

mod_proxy_cluster security update

An update is available for modproxycluster. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modproxycluster module is a plugin for the Apache HTTP Server th...

CLSA-2025-1758914381 httpd: Fix of 4 CVEs

CVE-2025-49630: fix denial of service attack triggered by untrusted clients causing an assertion in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients in modssl configurations - CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from...

Moderate: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

OESA-2025-2278 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP respons...

RHEL 8 : httpd:2.4 (RHSA-2025:15684)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15684 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2025-2010)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacke...