Количество 35
Количество 35
RLSA-2025:15095
Moderate: httpd security update
RLSA-2025:15023
Moderate: httpd security update
ELSA-2025-15095
ELSA-2025-15095: httpd security update (MODERATE)
ELSA-2025-15023
ELSA-2025-15023: httpd security update (MODERATE)
RLSA-2025:15123
Moderate: httpd:2.4 security update
ELSA-2025-15123
ELSA-2025-15123: httpd:2.4 security update (MODERATE)
SUSE-SU-2025:02685-1
Security update for apache2
SUSE-SU-2025:02684-1
Security update for apache2
SUSE-SU-2025:02683-1
Security update for apache2
SUSE-SU-2025:02682-1
Security update for apache2
SUSE-SU-2025:02565-1
Security update for apache2
ELSA-2025-14997
ELSA-2025-14997: httpd security update (MODERATE)
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
CVE-2025-49812
Apache HTTP Server: mod_ssl TLS upgrade attack
CVE-2025-49812
In some mod_ssl configurations on Apache HTTP Server versions through ...
ROS-20250929-15
Множественные уязвимости httpd
GHSA-2mcx-3xj5-wg86
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.
BDU:2025-08696
Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2025:15095 Moderate: httpd security update | 3 месяца назад | ||
| RLSA-2025:15023 Moderate: httpd security update | 2 месяца назад | ||
| ELSA-2025-15095 ELSA-2025-15095: httpd security update (MODERATE) | 4 месяца назад | ||
| ELSA-2025-15023 ELSA-2025-15023: httpd security update (MODERATE) | 4 месяца назад | ||
| RLSA-2025:15123 Moderate: httpd:2.4 security update | 3 месяца назад | ||
| ELSA-2025-15123 ELSA-2025-15123: httpd:2.4 security update (MODERATE) | 4 месяца назад | ||
 | SUSE-SU-2025:02685-1 Security update for apache2 | 5 месяцев назад | ||
| SUSE-SU-2025:02684-1 Security update for apache2 | 5 месяцев назад | ||
| SUSE-SU-2025:02683-1 Security update for apache2 | 5 месяцев назад | ||
| SUSE-SU-2025:02682-1 Security update for apache2 | 5 месяцев назад | ||
| SUSE-SU-2025:02565-1 Security update for apache2 | 5 месяцев назад | ||
| ELSA-2025-14997 ELSA-2025-14997: httpd security update (MODERATE) | 2 месяца назад | ||
 | CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. | CVSS3: 7.4 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. | CVSS3: 7.5 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. | CVSS3: 7.4 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack | CVSS3: 7.4 | 0% Низкий | 5 месяцев назад |
| CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through ... | CVSS3: 7.4 | 0% Низкий | 5 месяцев назад |
 | ROS-20250929-15 Множественные уязвимости httpd | CVSS3: 7.5 | 3 месяца назад | |
| GHSA-2mcx-3xj5-wg86 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade. | CVSS3: 7.4 | 0% Низкий | 5 месяцев назад |
 | BDU:2025-08696 Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 8 месяцев назад |
Уязвимостей на страницу