Lucene search
K

633 matches found

RedHat Linux
RedHat Linux
added 2025/09/10 12:38 p.m.8 views

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.1CVSS7.4AI score0.01149EPSS
Exploits1References5
OSV
OSV
added 2025/09/08 2:19 p.m.9 views

RLSA-2025:15123 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...

7.5CVSS6.6AI score0.01149EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.7 views

RHEL 8 : httpd:2.4 (RHSA-2025:15123)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15123 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

9.1CVSS7.7AI score0.01149EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2025/09/02 5:51 a.m.7 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

7.5CVSS5.8AI score0.00669EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.11 views

Oracle Linux 9 : httpd (ELSA-2025-15023)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15023 advisory. - Resolves: RHEL-99949 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade - Resolves: RHEL-99972 - CVE-2024-47252 httpd: insufficient...

9.8CVSS7.2AI score0.03914EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/31 12:0 a.m.8 views

RHEL 9 : httpd (RHSA-2025:14902)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14902 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

9.1CVSS7.7AI score0.0097EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/05 12:0 a.m.9 views

SUSE SLED15: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2025:02684-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02684-1 advisory. - CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 - CVE-2024-43204: Fixed a SSRF when...

9.1CVSS7.1AI score0.04409EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2025/08/01 12:0 a.m.8 views

SUSE SLES12: apache2 / apache2-devel / apache2-doc / apache2-example-pages / etc (SUSE-SU-2025:02565-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02565-1 advisory. - CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 - CVE-2024-43204: Fixed a SSRF when modproxy is loaded that allows an attacker to...

9.1CVSS7.1AI score0.04409EPSS
Exploits2References22
Redos
Redos
added 2025/07/24 12:0 a.m.9 views

ROS-20250724-11

Vulnerability in Apache HTTP Server web server kernel is related to access control bypass with resume session resumption in modssl. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the enforced security restrictions...

9.1CVSS6.1AI score0.0097EPSS
Exploits1
F5 Networks
F5 Networks
added 2025/07/22 2:50 p.m.12 views

K000152669: Apache HTTPD vulnerability CVE-2025-23048

Security Advisory Description In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each...

9.1CVSS7.8AI score0.0097EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/07/19 12:0 a.m.9 views

Azure Linux 3.0 Security Update: httpd (CVE-2025-23048)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23048 advisory. - In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by...

9.1CVSS7.5AI score0.0097EPSS
Exploits1References2
CNVD
CNVD
added 2025/07/18 12:0 a.m.126 views

Unspecified Vulnerability in Apache HTTP Server (CNVD-2025-16614)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by modssl,...

7.5CVSS6.8AI score0.00669EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/07/16 5:25 p.m.15 views

USN-7639-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...

9.1CVSS7.5AI score0.04409EPSS
Exploits2
OSV
OSV
added 2025/07/16 7:56 a.m.3 views

BIT-APACHE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

7.4CVSS5.9AI score0.00516EPSS
Exploits0References6
OSV
OSV
added 2025/07/16 7:56 a.m.98 views

BIT-APACHE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

9.1CVSS6AI score0.0097EPSS
Exploits1References5
OSV
OSV
added 2025/07/16 7:56 a.m.12 views

BIT-APACHE-2024-47252 Apache HTTP Server: mod_ssl error log variable escaping

Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...

7.5CVSS5.9AI score0.00669EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/07/12 5:16 p.m.11 views

CVE-2025-23048

An access control bypass vulnerability was found in Apache httpd. The Apache HTTP Server with some modssl configurations can bypass the access controls by trusted clients using TLS 1.3 session resumption. A client trusted to access one virtual host may be able to access another if...

9.1CVSS6.1AI score0.0097EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/07/12 5:16 p.m.5 views

CVE-2024-47252

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in modssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to...

7.5CVSS6.2AI score0.00669EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/12 5:16 p.m.5 views

CVE-2025-49812

An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Mitigation No mitigation is currently available that meets Red Hat Produ...

7.5CVSS5.9AI score0.00516EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/07/11 12:0 a.m.7 views

Apache HTTP Server 2.4.35 < 2.4.64 Access Control Bypass Vulnerability - Linux

Apache HTTP Server is prone to an access control bypass vulnerability in modssl. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.1CVSS7.2AI score0.0097EPSS
Exploits1References1
Rows per page
Query Builder