Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Oracle Linux 8 ELSA-2025-15123 httpd Moderate Session Hijack Risk

oracle
Calendar Grey September 5, 2025
Oracle Linux Logo Esm H88
Oracle Linux 8 releases updates for httpd server addressing critical session fixation and access control issues.
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

httpd [2.4.37-65.5.0.1] - Replace index.html with Oracle's index page oracle_index.html [2.4.37-65.5] - Resolves: RHEL-99944 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade - Resolves: RHEL-99969 - CVE-2024-47252 httpd: insufficient escaping of user-supplied data in mod_ssl - Resolves: RHEL-99961 - CVE-2025-23048 httpd: access control bypass by trusted clients is possible using TLS 1.3 session resumption [2.4.37-65.4] - Resolves: RHEL-87641 - apache Bug 63192 - mod_ratelimit breaks HEAD requests [2.4.37-65.3] - Resolves: RHEL-56068 - Apache HTTPD no longer parse PHP files with unicode characters in the name [2.4.37-65.2] - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476) - Resolves: RHEL-53022 - Regression introduced by CVE-2024-38474 fix [2.4.37-65.1] - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) -...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate access control httpd session hijack Oracle Linux

SRPMs

http://oss.oracle.com/ol8/SRPMS-updates/httpd-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.src.rpm

x86_64

httpd-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.x86_64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.x86_64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.x86_64.rpm

aarch64

httpd-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm httpd-devel-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm httpd-filesystem-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.noarch.rpm httpd-manual-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.noarch.rpm httpd-tools-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm mod_http2-1.15.7-10.module+el8.10.0+90652+bef864ba.4.aarch64.rpm mod_ldap-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm mod_md-2.0.8-8.module+el8.9.0+90011+2f9c6a23.aarch64.rpm mod_proxy_html-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm mod_session-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm mod_ssl-2.4.37-65.0.1.module+el8.10.0+90652+bef864ba.5.aarch64.rpm

Related CVEs: CVE-2024-47252 CVE-2025-23048 CVE-2025-49630 CVE-2025-49812

Topics%20covered

Topics Covered

security advisory moderate access control httpd session hijack Oracle Linux

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here