Azure Linux 3.0 Security Update: httpd (CVE-2025-23048)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23048 advisory. - In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by...

CVE-2025-49812

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Mitigation No mitigation is currently available that meets Red Hat Produ...