MiracleLinux 7 : httpd-2.4.6-99.1.0.10.el7.AXS7 (AXSA:2025-10901:08)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10901:08 advisory. CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files...

TencentOS Server 2: httpd (TSSA-2025:0801)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0801 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CLSA-2025-1758914697 httpd: Fix of 4 CVEs

CVE-2025-49630: fix assertion caused by untrusted clients triggering denial of service attack in modproxyhttp2 - CVE-2025-23048: fix access control bypass by trusted clients using TLS 1.3 session resumption - CVE-2024-47252: escape user-supplied data to prevent log file injection in modssl -...

httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

CLSA-2025-1758035329 httpd: Fix of 2 CVEs

CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack...

CLSA-2025-1758031207 httpd: Fix of 2 CVEs

CVE-2024-47252: escape characters are now properly handled in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to mitigate HTTP desynchronisation attack...

CLSA-2025-1758031199 httpd: Fix of 2 CVEs

CVE-2024-47252: escape user-supplied data in modssl to prevent untrusted SSL/TLS clients from inserting escape characters into log files - CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack...

Linux Distros Unpatched Vulnerability : CVE-2010-2199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deleti...

SUSE CVE-2010-2198

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by...

DEBIAN-CVE-2010-2199

lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to...