
Apache HTTP Server Vulnerabilities


Nov 20, 2025
| Vulnerability ID | Vulnerability Overview |
| --- | --- |
| CVE-2024-42516 | A core vulnerability in Apache HTTP Server allows an attacker controlling Content-Type response headers to split a single HTTP response into multiple responses, enabling cache poisoning, cross-site scripting (XSS), or other response-splitting attacks. |
| CVE-2024-43204 | Server-Side Request Forgery (SSRF) in Apache HTTP Server with the mod_proxy module loaded can allow an attacker to send outbound proxy requests to an attacker-controlled URL under specific configurations. |
| CVE-2024-43394 | SSRF in Apache HTTP Server on Windows may allow an attacker to trigger NTLM hash leakage by having the server access UNC paths to attacker-controlled SMB servers. |
| CVE-2024-47252 | Inadequate escaping of client-supplied TLS variables in mod_ssl logging allows insertion of escape/control characters into log files. |
| CVE-2025-23048 | TLS 1.3 session resumption in Apache HTTP Server can allow a trusted client of one virtual host to access another virtual host when mod_ssl is configured with multiple vhosts and SSLStrictSNIVHostCheck is disabled. |
| CVE-2025-49812 | In Apache HTTP Server configurations using SSLEngine optional for TLS upgrades, a man-in-the-middle attacker may perform HTTP desynchronisation to hijack a session after the TLS upgrade. |


Affected Supported TeraStations

TS7010
Vulnerability is patched from firmware version 2.00

TS5020 and TS3030

LS700
Vulnerability is patched from firmware version 2.02
 


| Date | Description |
| --- | --- |
| 11/20/2025 | Initial release |
| 12/10/2025 | Update |

