Bugs fixes in "apache2"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2025-49630 | In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untruste | 2025-07-16 |
| CVE | CVE-2025-23048 | In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 | 2025-07-16 |
| CVE | CVE-2024-47252 | Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape c | 2025-07-16 |
| CVE | CVE-2024-43204 | SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an | 2025-07-16 |
| CVE | CVE-2024-42516 | HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hos | 2025-07-16 |
| CVE | CVE-2025-53020 | Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63 | 2025-07-16 |
| CVE | CVE-2025-49812 | In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker | 2025-07-16 |
| CVE | CVE-2025-49630 | In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untruste | 2025-07-16 |
| CVE | CVE-2025-23048 | In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 | 2025-07-16 |
| CVE | CVE-2024-47252 | Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape c | 2025-07-16 |
| CVE | CVE-2024-43204 | SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an | 2025-07-16 |
| CVE | CVE-2024-42516 | HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hos | 2025-07-16 |
| Launchpad | 2103723 | Fix for CVE-2024-38474 also blocks %3f in appended query strings | 2025-04-07 |
| Launchpad | 2103723 | Fix for CVE-2024-38474 also blocks %3f in appended query strings | 2025-04-07 |
| Launchpad | 2103723 | Fix for CVE-2024-38474 also blocks %3f in appended query strings | 2025-04-07 |
| Launchpad | 2103723 | Fix for CVE-2024-38474 also blocks %3f in appended query strings | 2025-04-07 |
| Launchpad | 2103723 | Fix for CVE-2024-38474 also blocks %3f in appended query strings | 2025-04-07 |
| Launchpad | 2103723 | Fix for CVE-2024-38474 also blocks %3f in appended query strings | 2025-04-07 |
| CVE | CVE-2024-38474 | Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by th | 2025-04-07 |
| Launchpad | 2103723 | Fix for CVE-2024-38474 also blocks %3f in appended query strings | 2025-04-07 |
About
-
Send Feedback to @ubuntu_updates
