
Ubuntu 25.04: Apache HTTP Server Important Threats USN-7639-1 CVE Fixes

Several security issues were fixed in Apache HTTP Server.
==========================================================================
Ubuntu Security Notice USN-7639-1
July 16, 2025

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

It was discovered that the Apache HTTP Server incorrectly handled certain
Content-Type response headers. A remote attacker could possibly use this
issue to perform HTTP response splitting attacks. (CVE-2024-42516)

xiaojunjie discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain requests. A remote attacker could possibly use
this issue to send outbound proxy requests to an arbitrary URL.
(CVE-2024-43204)

John Runyon discovered that the Apache HTTP Server mod_ssl module
incorrectly escaped certain data. A remote attacker could possibly use this
issue to insert escape characters into log files. (CVE-2024-47252)

Sven Hebrok, Felix Cramer, Tim Storm, Maximilian Radoy, and Juraj
Somorovsky discovered that the Apache HTTP Server mod_ssl module
incorrectly handled TLS 1.3 session resumption. A remote attacker could
possibly use this issue to bypass access control. (CVE-2025-23048)

Anthony CORSIEZ discovered that the Apache HTTP Server mod_proxy_http2
module incorrectly handled missing host headers. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2025-49630)

Robert Merget discovered that the Apache HTTP Server mod_ssl module
incorrectly handled TLS upgrades. A remote attacker could possibly use this
issue to hijack an HTTP session. This update removes the old "SSLEngine
optional" configuration option, possibly requiring a configuration change
in certain environments. (CVE-2025-49812)

Gal Bar Nahum discovered that the Apache HTTP Server incorrectly handled
certain memory operations. A remote attacker could possibly use this
issue to cause the server to consume resources, leading to a denial of
service. (CVE-2025-53020)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  apache2                         2.4.63-1ubuntu1.1

Ubuntu 24.04 LTS
  apache2                         2.4.58-1ubuntu8.7

Ubuntu 22.04 LTS
  apache2                         2.4.52-1ubuntu4.15

In general, a standard system update will make all the necessary changes.
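
The two checks this notice implies, as an added example (not part of the Ubuntu notice): compare the installed apache2 package with the fixed version listed above, and find active "SSLEngine optional" directives, which the update for CVE-2025-49812 no longer accepts. The function names, the script's --check argument and the default /etc/apache2 path are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre/post-update checks for USN-7639-1 (not from the notice).

# Fixed apache2 package version per Ubuntu release, as listed in the notice.
fixed_version() {
  case "$1" in
    25.04) echo "2.4.63-1ubuntu1.1" ;;
    24.04) echo "2.4.58-1ubuntu8.7" ;;
    22.04) echo "2.4.52-1ubuntu4.15" ;;
    *) return 1 ;;
  esac
}

# Print file:line:text for every active (non-comment) "SSLEngine optional"
# directive under a config directory; returns 1 when there is none.
# Matching is case-insensitive, as Apache directive names are.
find_sslengine_optional() {
  grep -rniE '^[[:space:]]*SSLEngine[[:space:]]+"?optional"?[[:space:]]*$' "$1"
}

# Compare the installed package with the fixed version for this release.
# Returns 0 = patched, 1 = update required, 2 = cannot decide.
check_installed() {
  local release installed fixed
  release=$(. /etc/os-release && echo "$VERSION_ID")
  fixed=$(fixed_version "$release") ||
    { echo "release $release is not listed in USN-7639-1"; return 2; }
  installed=$(dpkg-query -W -f='${Version}' apache2 2>/dev/null)
  [ -n "$installed" ] || { echo "apache2 is not installed"; return 2; }
  if dpkg --compare-versions "$installed" ge "$fixed"; then
    echo "apache2 $installed >= $fixed: patched"
  else
    echo "apache2 $installed < $fixed: update required"
    return 1
  fi
}

# Hypothetical entry point: ./usn-7639-1-check.sh --check [config-dir]
if [ "${1:-}" = "--check" ]; then
  check_installed
  if find_sslengine_optional "${2:-/etc/apache2}"; then
    echo 'Active "SSLEngine optional" found: change it before restarting Apache'
  fi
fi
```

Run the directive scan before applying the update, so that a configuration still using the removed option is corrected before the updated server is restarted.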

References:
  https://ubuntu.com/security/notices/USN-7639-1
  CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048,
  CVE-2025-49630, CVE-2025-49812, CVE-2025-53020

Package Information:
  https://launchpad.net/ubuntu/+source/apache2/2.4.63-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.7
  https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.15

Severity: important
