3 matches found
K000158042: Apache HTTP server vulnerabilities CVE-2024-47252 and CVE-2025-49812
Security Advisory Description CVE-2024-47252 Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/Transport Layer Security TLS client to insert escape characters into log files in some configurations. In a logging configuration whe...
CLSA-2025-1757014860 Fix CVE(s): CVE-2025-49812
SECURITY UPDATE: modssl TLS upgrade attack - debian/patches/CVE-2025-49812.patch: remove antiquated 'SSLEngine optional' TLS upgrade in modules/ssl/sslengineconfig.c, modules/ssl/sslengineinit.c, modules/ssl/sslenginekernel.c, modules/ssl/sslprivate.h. - CVE-2025-49812...
Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption...