ALSA-2025:15095
- Source
- https://errata.almalinux.org/10/ALSA-2025-15095.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:15095.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALSA-2025:15095
- Related
- Published
- 2025-09-02T00:00:00Z
- Modified
- 2025-11-28T20:35:31.646309Z
- Summary
- Moderate: httpd security update
- Details
-
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
- httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
- httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2025:15095
- https://access.redhat.com/security/cve/CVE-2024-47252
- https://access.redhat.com/security/cve/CVE-2025-23048
- https://access.redhat.com/security/cve/CVE-2025-49812
- https://bugzilla.redhat.com/2374571
- https://bugzilla.redhat.com/2374576
- https://bugzilla.redhat.com/2374580
- https://errata.almalinux.org/10/ALSA-2025-15095.html
Affected packages
AlmaLinux:10 / httpd-filesystem
Package
- Name
- httpd-filesystem
- Purl
- pkg:rpm/almalinux/httpd-filesystem