CVE-2025-49812 – Apache HTTP Server mod_ssl TLS Desynchronisation Hijack Vulnerability

July 10, 2025

CVE ID : CVE-2025-49812

Published : July 10, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.

Only configurations using “SSLEngine optional” to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53020 – Apache HTTP Server Memory Disclosure

Next Article CVE-2025-49630 – Apache HTTP Server mod_proxy_http2 Denial of Service Vulnerability

Highlights

CVE-2025-5000 – “Linksys FGW3000 HTTP POST Request Handler Command Injection Vulnerability”

May 20, 2025

CVE ID : CVE-2025-5000

Published : May 20, 2025, 9:15 p.m. | 2 hours, 18 minutes ago

Description : A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

CVE-2025-49812 – Apache HTTP Server mod_ssl TLS Desynchronisation Hijack Vulnerability

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

CVE-2025-46273 – UNI-NMS-Lite Hard-Coded Credentials Authentication Bypass

How to preorder the new Surface Pro and Surface Laptop

CVE-2025-47948 – Cocotais Bot Privileged Command Injection

playerctl – MPRIS media player command-line controller

CVE-2025-5000 – “Linksys FGW3000 HTTP POST Request Handler Command Injection Vulnerability”

How passkeys work: The complete guide to your inevitable passwordless future

CVE-2025-46566 – DataEase Remote Code Execution Vulnerability

Call of Duty: Black Ops 6 New Season Is Arriving on August 7, Know More Here

CVE-2025-49812 – Apache HTTP Server mod_ssl TLS Desynchronisation Hijack Vulnerability

Related Posts