CVE-2025-49630

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

10/07/2025

Last modified:

10/07/2025

Description

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.<br /> <br /> Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".

Impact

References to Advisories, Solutions, and Tools

https://httpd.apache.org/security/vulnerabilities_24.html