Issued:: 2025-09-02
Updated:: 2025-09-02

RHSA-2025:14998 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: httpd security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 7.7 x86_64

Fixes

BZ - 2374580 - CVE-2025-49812 httpd: HTTP Session Hijack via a TLS upgrade

CVEs

CVE-2025-49812

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
httpd-2.4.6-90.el7_7.6.src.rpm	SHA-256: e1f46a6e1298b57409f1af6e5475a0102ac42add58e92a12d2385b1cea8f53d7
x86_64
httpd-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: 3d1d6f76691d55966b05aceeabce03460a46ea9e979ce157a3bd170a8f39941f
httpd-debuginfo-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: db088685c0a9c86d016da9cbb7068dc1410e4546d8172f0450a474e6ead5b847
httpd-debuginfo-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: db088685c0a9c86d016da9cbb7068dc1410e4546d8172f0450a474e6ead5b847
httpd-devel-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: 614078c9149258cac0024fadde74b0d2c5d9daa45afc3ece8a0ba391622ad7b3
httpd-manual-2.4.6-90.el7_7.6.noarch.rpm	SHA-256: e6ac073fd4e9b22c10667620d5834c748259d396a4b94955ea39ec0ab29951ec
httpd-tools-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: d164d0fc69a0926fe7ecdce90f1c75da38f2c5b4faa74d561b67713a93ceae2c
mod_ldap-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: 355f74082ae29c438d7f0e0bc102673d29b057342af18d9aa1debab6590d8dad
mod_proxy_html-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: a18ae4566c5de4de8c217bf8ee86bad17077ee5c6caa1786c81988683037534b
mod_session-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: a0bf9e2a2918318c3c560c5ee10a60d8c766783e0f71c7db2e3cb320cb1f5859
mod_ssl-2.4.6-90.el7_7.6.x86_64.rpm	SHA-256: 3a9c895cdfcdeca13622ed50acf16530087267dd6372e24f2566ee5b7cbfd49d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation