CVE-2024-47252 Information
Jul 12, 2025
cve
Description
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.
In a logging configuration where CustomLog is used with %varnamex\ or %varnamec\ to log variables provided by mod_ssl such as SSL_TLS_SNI no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.
Reference
https://httpd.apache.org/security/vulnerabilities_24.html
Related CNNVD
CNNVD-202507-1506 (Published: 2025-07-10)
Share on: