Количество 17
Количество 17
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
CVE-2025-49812
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through ...
GHSA-2mcx-3xj5-wg86
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
BDU:2025-08696
Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
RLSA-2025:15095
Moderate: httpd security update
ELSA-2025-15095
ELSA-2025-15095: httpd security update (MODERATE)
ELSA-2025-15023
ELSA-2025-15023: httpd security update (MODERATE)
ELSA-2025-15123
ELSA-2025-15123: httpd:2.4 security update (MODERATE)
SUSE-SU-2025:02685-1
Security update for apache2
SUSE-SU-2025:02684-1
Security update for apache2
SUSE-SU-2025:02683-1
Security update for apache2
SUSE-SU-2025:02682-1
Security update for apache2
SUSE-SU-2025:02565-1
Security update for apache2
ROS-20250929-15
Множественные уязвимости httpd
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. | CVSS3: 7.4 | 0% Низкий | 3 месяца назад |
 | CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. | CVSS3: 7.4 | 0% Низкий | 3 месяца назад |
 | CVSS3: 7.4 | 0% Низкий | 3 месяца назад | |
| CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through ... | CVSS3: 7.4 | 0% Низкий | 3 месяца назад |
| GHSA-2mcx-3xj5-wg86 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. | CVSS3: 7.4 | 0% Низкий | 3 месяца назад |
 | BDU:2025-08696 Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | RLSA-2025:15095 Moderate: httpd security update | 12 дней назад | ||
| ELSA-2025-15095 ELSA-2025-15095: httpd security update (MODERATE) | около 1 месяца назад | ||
| ELSA-2025-15023 ELSA-2025-15023: httpd security update (MODERATE) | около 1 месяца назад | ||
| ELSA-2025-15123 ELSA-2025-15123: httpd:2.4 security update (MODERATE) | около 1 месяца назад | ||
 | SUSE-SU-2025:02685-1 Security update for apache2 | 2 месяца назад | ||
| SUSE-SU-2025:02684-1 Security update for apache2 | 2 месяца назад | ||
| SUSE-SU-2025:02683-1 Security update for apache2 | 2 месяца назад | ||
| SUSE-SU-2025:02682-1 Security update for apache2 | 2 месяца назад | ||
| SUSE-SU-2025:02565-1 Security update for apache2 | 3 месяца назад | ||
 | ROS-20250929-15 Множественные уязвимости httpd | CVSS3: 7.5 | 17 дней назад |
Уязвимостей на страницу