
Apache HTTP Server Vulnerabilities


Nov 20, 2025
| Vulnerability ID | Vulnerability Overview |
|---|---|
| CVE-2024-42516 | A core vulnerability in Apache HTTP Server allows an attacker controlling Content-Type response headers to split a single HTTP response into multiple responses, enabling cache poisoning, cross-site scripting (XSS), or other response-splitting attacks. |
| CVE-2024-43204 | Server-Side Request Forgery (SSRF) in Apache HTTP Server with the mod_proxy module loaded can allow an attacker to send outbound proxy requests to an attacker-controlled URL under specific configurations. |
| CVE-2024-43394 | SSRF in Apache HTTP Server on Windows may allow an attacker to trigger NTLM hash leakage by having the server access UNC paths to attacker-controlled SMB servers. |
| CVE-2024-47252 | Inadequate escaping of client-supplied TLS variables in mod_ssl logging allows insertion of escape/control characters into log files. |
| CVE-2025-23048 | TLS 1.3 session resumption in Apache HTTP Server can allow a trusted client of one virtual host to access another virtual host when mod_ssl is configured with multiple vhosts and SSLStrictSNIVHostCheck is disabled. |
| CVE-2025-49630 | Under certain reverse-proxy HTTP/2 backend configurations with ProxyPreserveHost on, Apache’s mod_proxy_http2 may abort via assertion failure, causing denial of service. |
| CVE-2025-49812 | In Apache HTTP Server configurations using SSLEngine optional for TLS upgrades, a man-in-the-middle attacker may perform HTTP desynchronisation to hijack a session after the TLS upgrade. |


Affected Supported TeraStations

TS7010
Vulnerability is patched from firmware version 2.00

TS5020 and TS3030
Vulnerability is patched from firmware version 3.08 (CVE-2025-49630 only)


| Date | Description |
|---|---|
| 11/20/2025 | Initial release |
| 12/10/2025 | Update for TS5020/3030 |