Описание
ELSA-2025-14983: mod_http2 security update (MODERATE)
[2.0.26-4.1]
- Resolves: RHEL-99956 - CVE-2025-49630 httpd: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
mod_http2
2.0.26-4.el9_6.1
Oracle Linux x86_64
mod_http2
2.0.26-4.el9_6.1
Связанные CVE
Связанные уязвимости
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".
In certain proxy configurations, a denial of service attack againstApa ...