CVE-2025-49630: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".

Kurzinfo

Veroeffentlicht: 2025-07-10 00:00 UTC Importiert: 2026-05-14 20:48 UTC CVSS: 7.5 Quelle-ID: apache_httpd_sec uid_hash: 6df6b3930e045f73befb1a192180258e4e49ad5ad3b05735b5bb9f562afd996b
Apache HTTP Server Security (httpd.org JSON)

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2025-49630

 HIGH 7.5 - - 2025-07-10

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Apache HTTP Server Security (httpd.org JSON)

apache_httpd_sec

 vendor_advisory webserver, httpd - de https://httpd.apache.org/security/vulnerabilities-httpd.json
Zurueck zur Eintrags-Liste