AZL-65172

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65172.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-65172

Upstream

CVE-2024-47252

Published

2025-07-10T17:15:46Z

Modified

2026-04-01T05:20:52.101579Z

Summary

CVE-2024-47252 affecting package httpd for versions less than 2.4.64-1

Details

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.

In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by modssl such as SSLTLSSNI, no escaping is performed by either modlogconfig or modssl and unsanitized data provided by the client may appear in log files.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47252

Affected packages

Azure Linux:2 / httpd

Package

Name: httpd
Purl: pkg:rpm/azure-linux/httpd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.64-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65172.json"