
6 matches found

F5 Networks
added 2025/07/22 2:50 p.m. | 12 views

K000152669: Apache HTTPD vulnerability CVE-2025-23048

Security Advisory Description: In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each...

CVSS 9.1 | AI score 7.8 | EPSS 0.0097
Exploits: 1

Tenable Nessus
added 2025/07/19 12:0 a.m. | 8 views

CBL Mariner 2.0 Security Update: httpd (CVE-2025-23048)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23048 advisory. - In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by...

CVSS 9.1 | AI score 7.5 | EPSS 0.0097
Exploits: 1 | References: 2

OSV
added 2025/07/10 5:15 p.m. | 8 views

CVE-2025-23048

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of...

CVSS 9.1 | AI score 6
Exploits: 0 | References: 4

Tenable Nessus
added 2022/01/12 12:0 a.m. | 65 views

Juniper Junos OS Multiple Vulnerabilities (JSA11289)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11289 advisory. - curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Refere...

CVSS 8.1 | AI score 7.6 | EPSS 0.60122
Exploits: 5 | References: 6

Tenable Nessus
added 2021/06/04 12:0 a.m. | 26 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1962)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way libcurl handled TLS 1.3 session tickets. A malicious HTTPS proxy could possibly use this flaw to make...

CVSS 5.3 | AI score 6.4 | EPSS 0.05301
Exploits: 2 | References: 3

Hacker One
added 2021/03/17 6:30 p.m. | 58 views

curl: CVE-2021-22890: TLS 1.3 session ticket proxy host mixup

Summary: I don't think that this can be easily exploitable, but I am submitting it as a security issue for precaution. I am not looking for a bounty. Commit 549310e907e82e44c59548351d4c6ac4aaada114 enables session resumption with TLS 1.3. Curl connections maintain two SSL contexts, one for the...

CVSS 4.3 | AI score 5.4 | EPSS 0.03141
Exploits: 1