RHEL 9 : httpd (RHSA-2025:14902)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14902 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

CBL Mariner 2.0 Security Update: httpd (CVE-2025-49812)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49812 advisory. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation...

Azure Linux 3.0 Security Update: httpd (CVE-2025-49812)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49812 advisory. - In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation...

CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...