CNNVD-202507-1508 Information
CNNVD ID
CNNVD-202507-1508
Related CVE
- CNNVD Published: 2025-07-10
Description (Chinese)
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.35至2.4.63版本存在访问控制错误漏洞,该漏洞源于某些mod_ssl配置可能导致TLS 1.3会话恢复时访问控制绕过。
Description (English)
Apache HTTP Server is an open-source web server of the Apache Foundation in the United States. The server has a fast, reliable character and can be expanded through a simple API. Appache HTTP Server 2.4.35 to 2.4.63 contains access control bugs, which stem from certain mod ssl configurations that may lead to the circumvention of access controls when TLS 1.3 sessions are resumed.
Hazard Level
Low
Vulnerability Type
访问控制错误
Affected Vendor
阿帕奇
Published
2025-07-10
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-23048 https://www.oracle.com/security-alerts/cpujan2026.html https://vigilance.fr/vulnerability/Apache- https://access.redhat.com/security/cve/cve-2025-23048
Patch
https://httpd.apache.org/download.cgi
Share on: