Key Information

Vulnerability Overview
Type/Severity: Important (Security Advisory: Important)
Product: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1
Fixed version: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 1

Vulnerability Description
CVE IDs:
- CVE-2024-8176
- CVE-2024-47352
- CVE-2025-23048
- CVE-2025-23241
- CVE-2025-49830
- CVE-2025-49831
- CVE-2025-49812

Vulnerability details:
- expat: improper Restriction of XML Entity Expansion Depth in libexpat
- HTTP Session Hijack via a TLS upgrade [BZ#2254224]
- httpd: access control bypass by trusted clients is possible using TLS 1.3 session resumption [BZ#2365768]
- httpd: insufficient escaping of user-supplied data in mod_ssl [BZ#2374576]
- httpd: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module [BZ#2374576]
- libxml2: Out-of-Bounds Read in libxml2 [BZ#2374576]
- libxml2: Out-of-bounds Read in xmlSchematronCompileFileTables [BZ#2374576]
- mod_security: ModSecurity Has Possible DoS Vulnerability [BZ#2374576]

Solution
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section contains the download links; you must log in to download the update.

Affected Products
Red Hat JBoss Core Services (x86_64)

Fixes
Several fixed versions and their corresponding CVE IDs are provided; see the "Fixes" section in the screenshot for details.

References
Links to the related security advisories and documentation are provided.