Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache HTTP Server Improper Authentication Vulnerability - CVE-2025-49812 - Vulnerability Database
Apache HTTP Server

Apache HTTP Server Improper Authentication Vulnerability - CVE-2025-49812

High
Reference: CVE-2025-49812
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-49812
Title: Apache HTTP Server Improper Authentication Vulnerability
Overview:

In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63 an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using quotSSLEngine optionalquot to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64 which removes support for TLS upgrade.