[Git][security-tracker-team/security-tracker][master] CVE-2025-23048/apache2
Bastien Roucariès (@rouca)
rouca at debian.org
Mon Aug 11 20:30:45 BST 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6defdb75 by Bastien Roucariès at 2025-08-11T21:30:02+02:00
CVE-2025-23048/apache2
Document regression for load balancer
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4517,7 +4517,6 @@ CVE-2010-10012 (A path traversal vulnerability exists in httpdasm version 0.92,
CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr .. ...)
- apache2 2.4.65-1
[bookworm] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
- [bullseye] - apache2 <not-affected> (Vulnerable code introduced in 2.4.64)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
NOTE: Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b (2.4.65)
NOTE: Introduced by: https://github.com/apache/httpd/commit/8efe8ea18c6f7123c5779bb4d9551ccf407dc0c4 (2.4.64)
@@ -7756,6 +7755,8 @@ CVE-2025-23048 (In some mod_ssl configurations on Apache HTTP Server 2.4.35 thro
[bookworm] - apache2 <no-dsa> (Will be updated via point release)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-23048
NOTE: Fixed by: https://github.com/apache/httpd/commit/c4cfa50c9068e8b8134c530ab21674e77d1278a2
+ NOTE: possible regression for misconfigured load balancer
+ NOTE: NEWS: https://salsa.debian.org/apache-team/apache2/-/blob/0874e522244079e8436b576ac7ae0527f2ce97f1/debian/apache2.NEWS
CVE-2024-7650 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
NOT-FOR-US: OpenText
CVE-2024-47252 (Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6defdb756c35eecd475d66b597289040d7fe5cda
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6defdb756c35eecd475d66b597289040d7fe5cda
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250811/41ab217e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list