cvelistv5 - cve-2024-43394

CVE-2024-43394 (GCVE-0-2024-43394)

Vulnerability from cvelistv5

Published

2025-07-10 16:56

Modified

2025-07-15 19:56

Severity ?

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.

References

►

URL

	Vendor	Product	Version
	Apache Software Foundation	Apache HTTP Server	Version: 2.4.0 ≤ 2.4.63

opensuse-su-2025:15360-1

Vulnerability from csaf_opensuse

Published

2025-07-20 00:00

Modified

2025-07-20 00:00

Summary

apache2-2.4.64-1.1 on GA media

Notes

Title of the patch

apache2-2.4.64-1.1 on GA media

Description of the patch

These are all security issues fixed in the apache2-2.4.64-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15360

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "apache2-2.4.64-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the apache2-2.4.64-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15360",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15360-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-42516 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-42516/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-43204 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-43204/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-43394 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-43394/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-47252 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-47252/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-23048 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-23048/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-49630 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-49630/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-49812 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-49812/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-53020 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-53020/"
      }
    ],
    "title": "apache2-2.4.64-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-07-20T00:00:00Z",
      "generator": {
        "date": "2025-07-20T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15360-1",
      "initial_release_date": "2025-07-20T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-07-20T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.4.64-1.1.aarch64",
                "product": {
                  "name": "apache2-2.4.64-1.1.aarch64",
                  "product_id": "apache2-2.4.64-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.4.64-1.1.ppc64le",
                "product": {
                  "name": "apache2-2.4.64-1.1.ppc64le",
                  "product_id": "apache2-2.4.64-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.4.64-1.1.s390x",
                "product": {
                  "name": "apache2-2.4.64-1.1.s390x",
                  "product_id": "apache2-2.4.64-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "apache2-2.4.64-1.1.x86_64",
                "product": {
                  "name": "apache2-2.4.64-1.1.x86_64",
                  "product_id": "apache2-2.4.64-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.4.64-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64"
        },
        "product_reference": "apache2-2.4.64-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.4.64-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le"
        },
        "product_reference": "apache2-2.4.64-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.4.64-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x"
        },
        "product_reference": "apache2-2.4.64-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache2-2.4.64-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        },
        "product_reference": "apache2-2.4.64-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-42516",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-42516"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response.\n\nThis vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-42516",
          "url": "https://www.suse.com/security/cve/CVE-2024-42516"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227268 for CVE-2024-42516",
          "url": "https://bugzilla.suse.com/1227268"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246477 for CVE-2024-42516",
          "url": "https://bugzilla.suse.com/1246477"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-20T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-42516"
    },
    {
      "cve": "CVE-2024-43204",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-43204"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.   Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.\n\nUsers are recommended to upgrade to version 2.4.64 which fixes this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-43204",
          "url": "https://www.suse.com/security/cve/CVE-2024-43204"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246305 for CVE-2024-43204",
          "url": "https://bugzilla.suse.com/1246305"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-20T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-43204"
    },
    {
      "cve": "CVE-2024-43394",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-43394"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Server-Side Request Forgery (SSRF)  in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via  \nmod_rewrite or apache expressions that pass unvalidated request input.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.\n\nNote:   The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. \n\nThe server offers limited protection against administrators directing the server to open UNC paths.\nWindows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-43394",
          "url": "https://www.suse.com/security/cve/CVE-2024-43394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246304 for CVE-2024-43394",
          "url": "https://bugzilla.suse.com/1246304"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-20T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-43394"
    },
    {
      "cve": "CVE-2024-47252",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-47252"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\n\nIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-47252",
          "url": "https://www.suse.com/security/cve/CVE-2024-47252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246303 for CVE-2024-47252",
          "url": "https://bugzilla.suse.com/1246303"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-20T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-47252"
    },
    {
      "cve": "CVE-2025-23048",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-23048"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\n\nConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-23048",
          "url": "https://www.suse.com/security/cve/CVE-2025-23048"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246302 for CVE-2025-23048",
          "url": "https://bugzilla.suse.com/1246302"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-20T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-23048"
    },
    {
      "cve": "CVE-2025-49630",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-49630"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In certain proxy configurations, a denial of service attack against  Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.\n\nConfigurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to \"on\".",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-49630",
          "url": "https://www.suse.com/security/cve/CVE-2025-49630"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246307 for CVE-2025-49630",
          "url": "https://bugzilla.suse.com/1246307"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-20T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-49630"
    },
    {
      "cve": "CVE-2025-49812",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-49812"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.\n\nOnly configurations using \"SSLEngine optional\" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-49812",
          "url": "https://www.suse.com/security/cve/CVE-2025-49812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246161 for CVE-2025-49812",
          "url": "https://bugzilla.suse.com/1246161"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-20T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-49812"
    },
    {
      "cve": "CVE-2025-53020",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-53020"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
          "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-53020",
          "url": "https://www.suse.com/security/cve/CVE-2025-53020"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246306 for CVE-2025-53020",
          "url": "https://bugzilla.suse.com/1246306"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.aarch64",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.ppc64le",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.s390x",
            "openSUSE Tumbleweed:apache2-2.4.64-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-20T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-53020"
    }
  ]
}

fkie_cve-2024-43394

Vulnerability from fkie_nvd

Published

2025-07-10 17:15

Modified

2025-07-29 15:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

▶	URL	Tags
	security@apache.org	https://httpd.apache.org/security/vulnerabilities_24.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	http_server	*
	microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C552FA45-1E0F-4F3A-BB99-8E4604C82820",
              "versionEndExcluding": "2.4.64",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Server-Side Request Forgery (SSRF)\u00a0in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via\u00a0\nmod_rewrite or apache expressions that pass unvalidated request input.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.\n\nNote: \u00a0The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. \n\nThe server offers limited protection against administrators directing the server to open UNC paths.\nWindows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication."
    },
    {
      "lang": "es",
      "value": "Server-Side Request Forgery (SSRF) en Apache HTTP Server en Windows permite filtrar hashes NTLM a un servidor malicioso mediante mod_rewrite o expresiones de Apache que pasan una entrada de solicitud no validada. Este problema afecta al servidor HTTP Apache desde la versi\u00f3n 2.4.0 hasta la 2.4.63. Nota: El proyecto del servidor HTTP Apache establecer\u00e1 un est\u00e1ndar m\u00e1s estricto para la aceptaci\u00f3n de informes de vulnerabilidad relacionados con SSRF mediante rutas UNC. El servidor ofrece protecci\u00f3n limitada contra administradores que le indiquen que abra rutas UNC. Los servidores Windows deben limitar los hosts a los que se conectan mediante SMB seg\u00fan la naturaleza de la autenticaci\u00f3n NTLM."
    }
  ],
  "id": "CVE-2024-43394",
  "lastModified": "2025-07-29T15:15:57.037",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-10T17:15:46.133",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

ghsa-gxxm-rhpx-j39m

Vulnerability from github

Published

2025-07-10 18:31

Modified

2025-07-15 21:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.

Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths.

The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-43394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T17:15:46Z",
    "severity": "HIGH"
  },
  "details": "Server-Side Request Forgery (SSRF)\u00a0in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via\u00a0\nmod_rewrite or apache expressions that pass unvalidated request input.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.\n\nNote: \u00a0The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. \n\nThe server offers limited protection against administrators directing the server to open UNC paths.\nWindows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.",
  "id": "GHSA-gxxm-rhpx-j39m",
  "modified": "2025-07-15T21:31:26Z",
  "published": "2025-07-10T18:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43394"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2025-1529

Vulnerability from csaf_certbund

Published

2025-07-10 22:00

Modified

2025-08-14 22:00

Summary

Apache HTTP Server: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache ist ein Webserver für verschiedene Plattformen.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um einen Denial of Service Angriff durchzuführen, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um Dateien zu manipulieren.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache ist ein Webserver f\u00fcr verschiedene Plattformen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Apache HTTP Server ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1529 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1529.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1529 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1529"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/20"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/21"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/22"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/23"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/24"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/25"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/26"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/27"
      },
      {
        "category": "external",
        "summary": "Mailing List OSS Security vom 2025-07-10",
        "url": "https://seclists.org/oss-sec/2025/q3/28"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-6D7A183951 vom 2025-07-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-6d7a183951"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-B486FFD351 vom 2025-07-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-b486ffd351"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7639-1 vom 2025-07-16",
        "url": "https://ubuntu.com/security/notices/USN-7639-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7239846 vom 2025-07-16",
        "url": "https://www.ibm.com/support/pages/node/7239846"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15360-1 vom 2025-07-21",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CB2NNDXYFXVKF6KTKFMA2AHUNHAGDAFJ/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15369-1 vom 2025-07-22",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UTC3TDRL5IF6YTXDS2ENK5OJDZNHZ2XL/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02565-1 vom 2025-07-31",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021991.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2958 vom 2025-08-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2958.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02685-1 vom 2025-08-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022063.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02683-1 vom 2025-08-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022065.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02682-1 vom 2025-08-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KSS462UFYDADIPPKUL3TXXRQPB3QSMVB/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02684-1 vom 2025-08-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HJTVNIIT7LUYXSMCL3VWS2K232WNZNZG/"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241583 vom 2025-08-06",
        "url": "https://www.ibm.com/support/pages/node/7241583"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000152924 vom 2025-08-08",
        "url": "https://my.f5.com/manage/s/article/K000152924"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241939 vom 2025-08-11",
        "url": "https://www.ibm.com/support/pages/node/7241939"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4270 vom 2025-08-12",
        "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13681 vom 2025-08-14",
        "url": "https://access.redhat.com/errata/RHSA-2025:13681"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13680 vom 2025-08-14",
        "url": "https://access.redhat.com/errata/RHSA-2025:13680"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache HTTP Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-14T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-15T07:22:18.291+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1529",
      "initial_release_date": "2025-07-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-13T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-07-16T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu und IBM aufgenommen"
        },
        {
          "date": "2025-07-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-07-22T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-07-30T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-08-06T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-08-10T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2025-08-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-08-14T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "12"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.4.64",
                "product": {
                  "name": "Apache HTTP Server \u003c2.4.64",
                  "product_id": "T045319"
                }
              },
              {
                "category": "product_version",
                "name": "2.4.64",
                "product": {
                  "name": "Apache HTTP Server 2.4.64",
                  "product_id": "T045319-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:http_server:2.4.64"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "HTTP Server"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "15.1.0-15.1.10",
                "product": {
                  "name": "F5 BIG-IP 15.1.0-15.1.10",
                  "product_id": "T034902",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:15.1.0_-_15.1.10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.1.0-17.1.2",
                "product": {
                  "name": "F5 BIG-IP 17.1.0-17.1.2",
                  "product_id": "T040213",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:17.1.0_-_17.1.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "16.1.0-16.1.6",
                "product": {
                  "name": "F5 BIG-IP 16.1.0-16.1.6",
                  "product_id": "T044168",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:16.1.0_-_16.1.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "17.5.0-17.5.1",
                "product": {
                  "name": "F5 BIG-IP 17.5.0-17.5.1",
                  "product_id": "T045956",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:17.5.0_-_17.5.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIG-IP"
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Business Automation Workflow",
            "product": {
              "name": "IBM Business Automation Workflow",
              "product_id": "T019704",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:business_automation_workflow:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.0.5.25",
                "product": {
                  "name": "IBM HTTP Server \u003c9.0.5.25",
                  "product_id": "T045476"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.5.25",
                "product": {
                  "name": "IBM HTTP Server 9.0.5.25",
                  "product_id": "T045476-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:http_server:9.0.5.25"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.5.29",
                "product": {
                  "name": "IBM HTTP Server \u003c8.5.5.29",
                  "product_id": "T045477"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.5.29",
                "product": {
                  "name": "IBM HTTP Server 8.5.5.29",
                  "product_id": "T045477-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:http_server:8.5.5.29"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "HTTP Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.1-9.1.0.8",
                "product": {
                  "name": "IBM Rational ClearQuest 9.1-9.1.0.8",
                  "product_id": "T045976",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearquest:9.1_-_9.1.0.8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.0-10.0.7",
                "product": {
                  "name": "IBM Rational ClearQuest 10.0-10.0.7",
                  "product_id": "T045977",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearquest:10.0_-_10.0.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational ClearQuest"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services",
                "product": {
                  "name": "Red Hat JBoss Core Services",
                  "product_id": "T012412",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "1",
                "product": {
                  "name": "Red Hat JBoss Core Services 1",
                  "product_id": "T046258",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JBoss Core Services"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38709",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-38709"
    },
    {
      "cve": "CVE-2024-42516",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-42516"
    },
    {
      "cve": "CVE-2024-43204",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-43204"
    },
    {
      "cve": "CVE-2024-43394",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-43394"
    },
    {
      "cve": "CVE-2024-47252",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-47252"
    },
    {
      "cve": "CVE-2025-23048",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2025-23048"
    },
    {
      "cve": "CVE-2025-49630",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2025-49630"
    },
    {
      "cve": "CVE-2025-49812",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2025-49812"
    },
    {
      "cve": "CVE-2025-53020",
      "product_status": {
        "known_affected": [
          "T034902",
          "T012412",
          "74185",
          "T045976",
          "2951",
          "T002207",
          "T045956",
          "T045977",
          "T000126",
          "T019704",
          "T045319",
          "T027843",
          "398363",
          "T040213",
          "T046258",
          "T044168",
          "T045477",
          "T045476"
        ]
      },
      "release_date": "2025-07-10T22:00:00.000+00:00",
      "title": "CVE-2025-53020"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-43394 (GCVE-0-2024-43394)

Vulnerability from cvelistv5

opensuse-su-2025:15360-1

Vulnerability from csaf_opensuse

fkie_cve-2024-43394

Vulnerability from fkie_nvd

ghsa-gxxm-rhpx-j39m

Vulnerability from github

wid-sec-w-2025-1529

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature