Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-47252— Apache HTTP Server: mod_ssl error log variable escaping

EPSS 0.65% · P71
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-47252

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apache HTTP Server: mod_ssl error log variable escaping
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
转义、元或控制序列转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache HTTP Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.63及之前版本存在安全漏洞,该漏洞源于mod_ssl对用户提供数据转义不足,可能导致日志文件插入转义字符。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache HTTP Server 2.4 ~ 2.4.63 -

II. Public POCs for CVE-2024-47252

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-47252

登录查看更多情报信息。

Same Patch Batch · Apache Software Foundation · 2025-07-10 · 11 CVEs total

CVE-2024-42516Apache HTTP Server: HTTP response splitting
CVE-2024-43204Apache HTTP Server: SSRF with mod_headers setting Content-Type header
CVE-2024-43394Apache HTTP Server: SSRF on Windows due to UNC paths
CVE-2025-23048Apache HTTP Server: mod_ssl access control bypass with session resumption
CVE-2025-49630Apache HTTP Server: mod_proxy_http2 denial of service
CVE-2025-49812Apache HTTP Server: mod_ssl TLS upgrade attack
CVE-2025-53020Apache HTTP Server: HTTP/2 DoS by Memory Increase
CVE-2025-52434Apache Tomcat: APR/Native Connector crash leading to DoS
CVE-2025-52520Apache Tomcat: DoS via integer overflow in multipart file upload
CVE-2025-53506Apache Tomcat: DoS via excessive h2 streams at connection start

IV. Related Vulnerabilities

Same product: Apache HTTP Server
Same vendor: Apache Software Foundation
Same weakness: CWE-150

V. Comments for CVE-2024-47252

No comments yet

Leave a comment