Security Advisory

CVE-2025-49630

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-10 16:57:40
Last updated 2025-11-04 21:11:13
Assigner apache
State PUBLISHED

Description

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to "on".