CVE-2025-49630 Information

Description

In certain proxy configurations a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.

Configurations affected are a reverse proxy is configured for an HTTP/2 backend with ProxyPreserveHost set to \on.

Reference

https://httpd.apache.org/security/vulnerabilities_24.html

Related CNNVD

CNNVD-202507-1515 (Published: 2025-07-10)