CVE-2024-47252: Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.

Kurzinfo

Veroeffentlicht: 2025-07-10 00:00 UTC Importiert: 2026-05-14 20:48 UTC CVSS: 7.5 Quelle-ID: apache_httpd_sec uid_hash: 7f71a020db346669dd8eccccaf5436283282c4b8dacf7e3cafd23b938c22de1f
Apache HTTP Server Security (httpd.org JSON)

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2024-47252

 HIGH 7.5 - - 2025-07-10

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Apache HTTP Server Security (httpd.org JSON)

apache_httpd_sec

 vendor_advisory webserver, httpd - de https://httpd.apache.org/security/vulnerabilities-httpd.json
Zurueck zur Eintrags-Liste