CLSA-2026-1773772035 Fix CVE(s): CVE-2025-23048

SECURITY UPDATE: SNI validation issue in modssl - debian/patches/CVE-2025-23048.patch: update SNI validation to move the SSL compatibility check after strict SNI hostname verification in modules/ssl/sslenginekernel.c. - CVE-2025-23048...

RHEL 9 : httpd (RHSA-2025:14901)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14901 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: httpd (UTSA-2025-991046)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991046 advisory. In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumptio...

Advisory ROSA-SA-2025-3082

Software: httpd 2.4.6 OS: rosa-server79 unaffected versions = httpd-2.4.6-99.0.7.res7.1 affected versions httpd-2.4.6-99.0.7.res7.1 CVE-ID: CVE-2024-47252 BDU-ID: 2025-08958 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modssl function of the Apache HTTP Server web server is related to a failu...

Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2228)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RLSA-2025:15023 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

httpd security update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

AlmaLinux 10 : httpd (ALSA-2025:15095)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15095 advisory. httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TL...

Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987457)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987457 advisory. Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into lo...

Unity Linux 20.1070e Security Update: httpd (UTSA-2025-987456)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987456 advisory. In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTT...

RockyLinux 10 : httpd (RLSA-2025:15095)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:15095 advisory. httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using T...

httpd security update

An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

RLSA-2025:15095 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

AlmaLinux 9 : httpd (ALSA-2025:15023)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15023 advisory. httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS...

CLSA-2025-1758914381 httpd: Fix of 4 CVEs

CVE-2025-49630: fix denial of service attack triggered by untrusted clients causing an assertion in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients in modssl configurations - CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from...

CLSA-2025-1758035415 httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

CLSA-2025-1758035329 httpd: Fix of 2 CVEs

CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack...

CLSA-2025-1758031207 httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

OESA-2025-2278 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP respons...