Количество 17
Количество 17
CVE-2025-23048
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.
CVE-2025-23048
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.
CVE-2025-23048
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.
CVE-2025-23048
CVE-2025-23048
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to ...
ROS-20250724-11
Уязвимость httpd
GHSA-gh64-76r6-qhpc
In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.
BDU:2025-08976
Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
RLSA-2025:15095
Moderate: httpd security update
ELSA-2025-15095
ELSA-2025-15095: httpd security update (MODERATE)
ELSA-2025-15023
ELSA-2025-15023: httpd security update (MODERATE)
ELSA-2025-15123
ELSA-2025-15123: httpd:2.4 security update (MODERATE)
SUSE-SU-2025:02685-1
Security update for apache2
SUSE-SU-2025:02684-1
Security update for apache2
SUSE-SU-2025:02683-1
Security update for apache2
SUSE-SU-2025:02682-1
Security update for apache2
SUSE-SU-2025:02565-1
Security update for apache2
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host. | CVSS3: 9.1 | 0% Низкий | 3 месяца назад |
 | CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host. | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host. | CVSS3: 9.1 | 0% Низкий | 3 месяца назад |
 | CVSS3: 9.1 | 0% Низкий | 3 месяца назад | |
| CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to ... | CVSS3: 9.1 | 0% Низкий | 3 месяца назад |
 | ROS-20250724-11 Уязвимость httpd | CVSS3: 9.1 | 0% Низкий | 3 месяца назад |
| GHSA-gh64-76r6-qhpc In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host. | CVSS3: 9.1 | 0% Низкий | 3 месяца назад |
 | BDU:2025-08976 Уязвимость функции mod_ssl веб-сервера Apache HTTP Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 9.1 | 0% Низкий | 11 месяцев назад |
 | RLSA-2025:15095 Moderate: httpd security update | 12 дней назад | ||
| ELSA-2025-15095 ELSA-2025-15095: httpd security update (MODERATE) | около 1 месяца назад | ||
| ELSA-2025-15023 ELSA-2025-15023: httpd security update (MODERATE) | около 1 месяца назад | ||
| ELSA-2025-15123 ELSA-2025-15123: httpd:2.4 security update (MODERATE) | около 1 месяца назад | ||
 | SUSE-SU-2025:02685-1 Security update for apache2 | 2 месяца назад | ||
| SUSE-SU-2025:02684-1 Security update for apache2 | 2 месяца назад | ||
| SUSE-SU-2025:02683-1 Security update for apache2 | 2 месяца назад | ||
| SUSE-SU-2025:02682-1 Security update for apache2 | 2 месяца назад | ||
| SUSE-SU-2025:02565-1 Security update for apache2 | 3 месяца назад |
Уязвимостей на страницу