CLSA-2025-1758914697

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2025-1758914697

Upstream

CVE-2024-47252

CVE-2025-23048

CVE-2025-49630

CVE-2025-49812

Published

2025-09-26T19:25:04Z

Modified

2026-06-01T00:33:12.521008389Z

Summary

httpd: Fix of 4 CVEs

Details

CVE-2025-49630: fix assertion caused by untrusted clients triggering denial of service attack in modproxyhttp2
CVE-2025-23048: fix access control bypass by trusted clients using TLS 1.3 session resumption
CVE-2024-47252: escape user-supplied data to prevent log file injection in mod_ssl
CVE-2025-49812: remove support for TLS upgrade to prevent HTTP desynchronisation attack

References

https://errata.tuxcare.com/els_os/centos8.4els/CLSA-2025-1758914697.html

Affected packages

TuxCare:CentOS:8.4

httpd

Package

Name: httpd
Purl: pkg:rpm/tuxcare/httpd?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"

httpd-devel

Package

Name: httpd-devel
Purl: pkg:rpm/tuxcare/httpd-devel?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"

httpd-filesystem

Package

Name: httpd-filesystem
Purl: pkg:rpm/tuxcare/httpd-filesystem?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"

httpd-manual

Package

Name: httpd-manual
Purl: pkg:rpm/tuxcare/httpd-manual?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"

httpd-tools

Package

Name: httpd-tools
Purl: pkg:rpm/tuxcare/httpd-tools?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"

mod_ldap

Package

Name: mod_ldap
Purl: pkg:rpm/tuxcare/mod_ldap?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"

mod_proxy_html

Package

Name: mod_proxy_html
Purl: pkg:rpm/tuxcare/mod_proxy_html?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"

mod_session

Package

Name: mod_session
Purl: pkg:rpm/tuxcare/mod_session?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"

mod_ssl

Package

Name: mod_ssl
Purl: pkg:rpm/tuxcare/mod_ssl?distro=centos-8.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.4.37-39.module_el8.4.0+2309+93fc5e24.1.tuxcare.els16

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2025-1758914697.json"