Oracle Linux 10 : httpd (ELSA-2025-15095)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15095 advisory. 2.4.63-1.0.1.2 - Replace index.html with Oracle's index page oracleindex.html. Tenable has extracted the preceding description block directly from th...

RHEL 8 : httpd:2.4 (RHSA-2025:15123)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15123 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...

RHSA-2025:14997 Red Hat Security Advisory: httpd security update

Bulletin has no description...

httpd: HTTP Session Hijack via a TLS upgrade

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Moderate: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

RHEL 9 : httpd (RHSA-2025:15023)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15023 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

Oracle Linux 9 : mod_http2 (ELSA-2025-14983)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-14983 advisory. 2.0.26-4.1 - Resolves: RHEL-99956 - CVE-2025-49630 httpd: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module Tenable...

ALSA-2025:15023 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

RHEL 7 : httpd (RHSA-2025:14998)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14998 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP Session Hijack via ...

Oracle Linux 9 : httpd (ELSA-2025-15023)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15023 advisory. - Resolves: RHEL-99949 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade - Resolves: RHEL-99972 - CVE-2024-47252 httpd: insufficient...

CVE-2025-9748 Tenda CH22 httpd IPSECsave fromIpsecitem stack-based overflow

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote...

RHSA-2025:14902 Red Hat Security Advisory: httpd security update

Bulletin has no description...

RHSA-2025:14903 Red Hat Security Advisory: httpd security update

Bulletin has no description...