FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache httpd -- Multiple vulnerabilities

Affected packages
apache24 < 2.4.64

Details

VuXML ID 342f2a0a-5e9b-11f0-8baa-8447094a420f
Discovery 2025-07-10
Entry 2025-07-11

The Apache httpd project reports:

moderate: Apache HTTP Server: HTTP response splitting (CVE-2024-42516)

low: Apache HTTP Server: SSRF with mod_headers setting Content-Type header (CVE-2024-43204)

moderate: Apache HTTP Server: SSRF on Windows due to UNC paths (CVE-2024-43394)

low: Apache HTTP Server: mod_ssl error log variable escaping (CVE-2024-47252)

moderate: Apache HTTP Server: mod_ssl access control bypass with session resumption (CVE-2025-23048)

low: Apache HTTP Server: mod_proxy_http2 denial of service (CVE-2025-49630)

moderate: Apache HTTP Server: mod_ssl TLS upgrade attack (CVE-2025-49812)

moderate: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)

[source]

References

CVE Name CVE-2024-42516
CVE Name CVE-2024-43204
CVE Name CVE-2024-43394
CVE Name CVE-2024-47252
CVE Name CVE-2025-23048
CVE Name CVE-2025-49630
CVE Name CVE-2025-49812
CVE Name CVE-2025-53020
URL https://httpd.apache.org/security/vulnerabilities_24.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.