exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 13

BDU:2025-08976

9 месяцев назад

Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 9.1

EPSS: Низкий

CVE-2025-23048

около 1 месяца назад

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

CVSS3: 9.1

EPSS: Низкий

CVE-2025-23048

около 1 месяца назад

CVSS3: 7.5

EPSS: Низкий

CVE-2025-23048

около 1 месяца назад

CVSS3: 9.1

EPSS: Низкий

CVE-2025-23048

около 1 месяца назад

CVSS3: 9.1

EPSS: Низкий

CVE-2025-23048

около 1 месяца назад

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to ...

CVSS3: 9.1

EPSS: Низкий

ROS-20250724-11

29 дней назад

Уязвимость httpd

CVSS3: 9.1

EPSS: Низкий

GHSA-gh64-76r6-qhpc

около 1 месяца назад

CVSS3: 9.1

EPSS: Низкий

SUSE-SU-2025:02685-1

17 дней назад

Security update for apache2

EPSS: Низкий

SUSE-SU-2025:02684-1

17 дней назад

Security update for apache2

EPSS: Низкий

SUSE-SU-2025:02683-1

17 дней назад

Security update for apache2

EPSS: Низкий

SUSE-SU-2025:02682-1

17 дней назад

Security update for apache2

EPSS: Низкий

SUSE-SU-2025:02565-1

22 дня назад

Security update for apache2

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
BDU:2025-08976 Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации	CVSS3: 9.1	0% Низкий	9 месяцев назад
CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.	CVSS3: 9.1	0% Низкий	около 1 месяца назад
CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.	CVSS3: 9.1	0% Низкий	около 1 месяца назад
CVE-2025-23048	CVSS3: 9.1	0% Низкий	около 1 месяца назад
CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to ...	CVSS3: 9.1	0% Низкий	около 1 месяца назад
ROS-20250724-11 Уязвимость httpd	CVSS3: 9.1	0% Низкий	29 дней назад
GHSA-gh64-76r6-qhpc In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.	CVSS3: 9.1	0% Низкий	около 1 месяца назад
SUSE-SU-2025:02685-1 Security update for apache2			17 дней назад
SUSE-SU-2025:02684-1 Security update for apache2			17 дней назад
SUSE-SU-2025:02683-1 Security update for apache2			17 дней назад
SUSE-SU-2025:02682-1 Security update for apache2			17 дней назад
SUSE-SU-2025:02565-1 Security update for apache2			22 дня назад

Уязвимостей на страницу