SB2025082935 - Anolis OS update for httpd

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025082935

SB2025082935 - Anolis OS update for httpd

Published: August 29, 2025

Security Bulletin ID SB2025082935
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 25% Medium 50% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-43204)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in mod_proxy . A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Note, the vulnerability exploitation requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.


2) Improper Encoding or Escaping of Output (CVE-ID: CVE-2024-47252)

The vulnerability allows a remote attacker to manipulate data in log files. 

The vulnerability exists due to improper input validation in mod_ssl. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files. A remote attacker can manipulate contents of log files. 


3) Resource management error (CVE-ID: CVE-2025-49630)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in mod_proxy_http2. A remote attacker can send specially crafted requests to the server and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that the reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".


4) Resource management error (CVE-ID: CVE-2025-53020)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the server when handling HTTP/2 requests. A remote attacker can send multiple requests to the server and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References