RockyLinux 9 : mod_http2 (RLSA-2025:14983)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:14983 advisory. httpd: modproxyhttp2: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module CVE-2025-49630 Tenable has extracted the...

RockyLinux 10 : mod_http2 (RLSA-2025:14625)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:14625 advisory. httpd: modproxyhttp2: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module CVE-2025-49630 Tenable has extracted the...

CLSA-2025-1758914381 httpd: Fix of 4 CVEs

CVE-2025-49630: fix denial of service attack triggered by untrusted clients causing an assertion in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients in modssl configurations - CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from...

Moderate: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : httpd:2.4 (RHSA-2025:15684)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15684 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

AZL-65220 CVE-2025-49630 affecting package httpd for versions less than 2.4.64-1

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

AZL-65133 CVE-2025-49630 affecting package mod_http2 1.15.14-2

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

ALPINE-CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

PT-2025-29118

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.26 through 2.4.63 Description: In specific proxy setups, an untrusted client can trigger a denial of service against Apache HTTP Server. This occurs due to an assertion within the mod proxy http2 module when...