CVE-2025-49630

Опубликовано: 10 июл. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.

Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".

Ссылки

https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.4.26 (включая) до 2.4.64 (исключая)

EPSS

Процентиль: 55%

0.0033

Низкий

7.5 High

CVSS3

Дефекты

CWE-617

Связанные уязвимости

CVE-2025-49630

CVSS3: 7.5

ubuntu

3 месяца назад

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".

CVE-2025-49630

CVSS3: 7.5

redhat

3 месяца назад

CVE-2025-49630

CVSS3: 7.5

msrc

3 месяца назад

Описание отсутствует

CVE-2025-49630

CVSS3: 7.5

debian

3 месяца назад

In certain proxy configurations, a denial of service attack againstApa ...

RLSA-2025:14625

rocky

12 дней назад

Moderate: mod_http2 security update

EPSS

Процентиль: 55%

0.0033

Низкий

7.5 High

CVSS3

Дефекты

CWE-617