CVE
CVE-2024-47252
| CVE ID |
CVE-2024-47252
|
|---|---|
| CVSS Score |
7.5
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
httpd-2.4.6-99_ol010.el7.1
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
OL CVE Issue Summary:
Insufficient escaping of user-supplied data in `mod_ssl` in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.
In a logging configuration where `CustomLog` is used with `%{varname}x` or `%{varname}c` to log variables provided by `mod_ssl` such as `SSL_TLS_SNI`, no escaping is performed by either `mod_log_config` or `mod_ssl` and unsanitised data provided by the client may appear in log files.