Alerts This Week
Warning Icon 1 1,050
Alerts This Week
Warning Icon 1 1,050

Ubuntu 25.04: Apache HTTP Server Important Threats USN-7639-1 CVE Fixes

ubuntu
Calendar Grey July 16, 2025
Dist Ubuntu Esm H88
Several vulnerabilities in Apache Server addressed in recent Ubuntu updates. Users advised to apply updates for maintaining system security and protection.
Several security issues were fixed in Apache HTTP Server.

Summary

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

It was discovered that the Apache HTTP Server incorrectly handled certain

Content-Type response headers. A remote attacker could possibly use this

issue to perform HTTP response splitting attacks. (CVE-2024-42516)

xiaojunjie discovered that the Apache HTTP Server mod_proxy module

incorrectly handled certain requests. A remote attacker could possibly use

this issue to send outbound proxy requests to an arbitrary URL.

(CVE-2024-43204)

John Runyon discovered that the Apache HTTP Server mod_ssl module

incorrectly escaped certain data. A remote attacker could possibly use this

issue to insert escape characters into log files. (CVE-2024-47252)

Sven Hebrok, Felix Cramer, Tim Storm, Maximilian Radoy, and Juraj

Somorovsky discovered that the Apache HTTP Server mod_ssl module

incorrectly handled TLS 1.3 session resumption. A remote attacker could

possibly use this issu...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu important apache2 http response splitting

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  apache2                         2.4.63-1ubuntu1.1

Ubuntu 24.04 LTS
  apache2                         2.4.58-1ubuntu8.7

Ubuntu 22.04 LTS
  apache2                         2.4.52-1ubuntu4.15

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7639-1

CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048,

CVE-2025-49630, CVE-2025-49812, CVE-2025-53020

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7639-1

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu important apache2 http response splitting

Package Information

https://launchpad.net/ubuntu/+source/apache2/2.4.63-1ubuntu1.1
https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.7
https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.15

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here