Oracle Linux 10 : httpd (ELSA-2025-15095)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15095 advisory. 2.4.63-1.0.1.2 - Replace index.html with Oracle's index page oracleindex.html. Tenable has extracted the preceding description block directly from th...

AZL-65097 CVE-2025-49812 affecting package httpd for versions less than 2.4.64-1

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

SUSE CVE-2025-49812

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...