Lucene search
K

18 matches found

OSV
OSV
added 2026/06/02 2:15 p.m.11 views

EEF-CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 i...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Apache2

In some modssl configurations of the Apache HTTP Server, from versions up to 2.4.63, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session through a TLS upgrade. Only configurations that use “SSLEngine optional” to enable TLS upgrades are affected. Users a...

7.4CVSS7AI score0.00516EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 9:13 a.m.10 views

CVE-2025-11915 HTTP Desynchronisation in Vertex AI for certain third-party models

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...

6.9CVSS0.00293EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/22 12:0 a.m.5 views

TencentOS Server 2: httpd (TSSA-2025:0801)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0801 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

7.5CVSS7.3AI score0.00669EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/10/13 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2228)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS6.7AI score0.0097EPSS
Exploits1References2
OSV
OSV
added 2025/09/16 3:10 p.m.6 views

CLSA-2025-1758035415 httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

7.5CVSS7.1AI score0.00669EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2025/09/16 3:10 p.m.7 views

httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

7.5CVSS7AI score0.00669EPSS
Exploits0
OSV
OSV
added 2025/09/16 3:8 p.m.7 views

CLSA-2025-1758035329 httpd: Fix of 2 CVEs

CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack...

7.5CVSS7.1AI score0.00669EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 2:0 p.m.11 views

CLSA-2025-1758031207 httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

7.5CVSS7.1AI score0.00669EPSS
Exploits0References1
OSV
OSV
added 2025/09/10 10:46 a.m.5 views

CLSA-2025-1757501175 httpd: Fix of CVE-2025-49812

CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attacks in modssl configurations...

7.4CVSS7.1AI score0.00516EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/09/10 12:0 a.m.6 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2010)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS6.7AI score0.0097EPSS
Exploits1References2
Veracode
Veracode
added 2025/07/16 4:59 p.m.3 views

HTTP Desynchronisation Attack

Apache HTTP Server modssl is vulnerable to an HTTP desynchronisation Attack. The vulnerability is due to the use of SSLEngine optional for enabling TLS upgrades, which allows a man-in-the-middle attacker to exploit request desynchronisation and hijack an active HTTP session during the TLS upgrade...

7.4CVSS7.3AI score0.00516EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2025/07/10 5:15 p.m.6 views

CVE-2025-49812

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

7.4CVSS0.00516EPSS
Exploits0References5
OSV
OSV
added 2025/07/10 5:15 p.m.7 views

CVE-2025-49812

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

7.4CVSS5.8AI score
Exploits0References5
OSV
OSV
added 2025/07/10 5:15 p.m.2 views

DEBIAN-CVE-2025-49812

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

7.4CVSS7.2AI score0.00516EPSS
Exploits0References1
OSV
OSV
added 2025/07/10 5:15 p.m.3 views

ALPINE-CVE-2025-49812

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

7.4CVSS6.8AI score0.00516EPSS
Exploits0References1
OSV
OSV
added 2025/07/10 5:15 p.m.3 views

UBUNTU-CVE-2025-49812

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

7.4CVSS7.1AI score0.00516EPSS
Exploits0References7
CVE
CVE
added 2025/07/10 4:58 p.m.418 views

CVE-2025-49812

CVE-2025-49812 affects Apache HTTP Server (httpd) via mod_ssl in some mod_ssl configurations up to version 2.4.63. An HTTP desynchronisation attack lets a MITM hijack a session during TLS upgrade when SSLEngine optional is used. Upgrading to httpd 2.4.64 (which removes TLS upgrade support) is the...

7.4CVSS6.4AI score0.00516EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder