SUSE: Critical Security Update for Apache2 CVE-2024-42516 CVE-2025-23048

suse

August 4, 2025

* bsc#1246169 * bsc#1246302 * bsc#1246303 * bsc#1246305 * bsc#1246306

Summary

## This update for apache2 fixes the following issues: * CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) * CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) * CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) * CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) * CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) * CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization

Topics Covered

security advisory denial of service SuSE access control important apache2

References

* bsc#1246169

* bsc#1246302

* bsc#1246303

* bsc#1246305

* bsc#1246306

* bsc#1246307

* bsc#1246477

Cross-

* CVE-2024-42516

* CVE-2024-43204

* CVE-2024-47252

* CVE-2025-23048

* CVE-2025-49630

* CVE-2025-49812

* CVE-2025-53020

CVSS scores:

* CVE-2024-42516 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-42516 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

* CVE-2024-42516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-43204 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-43204 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2024-43204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-47252 ( SUSE ): 6.3

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:02685-1

Release Date: 2025-08-04T15:08:15Z

Rating: important

Topics Covered

security advisory denial of service SuSE access control important apache2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: Critical Security Update for Apache2 CVE-2024-42516 CVE-2025-23048

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: Critical Security Update for Apache2 CVE-2024-42516 CVE-2025-23048

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!