RHSA-2025:13681 | High | CVSS 7.5
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP1 security update
🔗 CVE IDs covered (8)
📋 Description
- CVE-2024-8176 — libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
- CVE-2024-47252 — httpd: insufficient escaping of user-supplied data in mod_ssl
- CVE-2025-23048 — httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption
- CVE-2025-32414 — libxml2: Out-of-Bounds Read in libxml2
- CVE-2025-32415 — libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
- CVE-2025-47947 — modsecurity: ModSecurity Has Possible DoS Vulnerability
- CVE-2025-49630 — httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module
- CVE-2025-49812 — httpd: HTTP Session Hijack via a TLS upgrade
🔗 References (12)
- self: https://access.redhat.com/errata/RHSA-2025:13681
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.62/html/red_hat_jboss_core_services_apache_http_server_2.4.62_service_pack_1_release_notes/index
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2310137
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2358121
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2360768
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2367903
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2374571
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2374576
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2374578
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2374580
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_13681.json