apache2 (SUSE:Linux Enterprise Module for Basesystem 15 SP7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP7 package apache2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2025-23048 — CVSS 9.1 (critical): In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible…
CVE-2025-58098 — CVSS 8.3 (high): Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query…
CVE-2024-47252 — CVSS 7.5 (high): Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to…
CVE-2025-49630 — CVSS 7.5 (high): In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered…
CVE-2024-42516 — CVSS 7.5 (high): HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of…
CVE-2025-53020 — CVSS 7.5 (high): Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up…
CVE-2025-55753 — CVSS 7.5 (high): An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations)…
CVE-2024-43204 — CVSS 7.5 (high): SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker…
CVE-2025-49812 — CVSS 7.4 (high): In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a…
CVE-2025-65082 — CVSS 6.5 (medium): Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the…
CVE-2025-66200 — CVSS 5.4 (medium): mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader…