{"id":"AZL-65172","summary":"CVE-2024-47252 affecting package httpd for versions less than 2.4.64-1","details":"Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\n\nIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.","modified":"2026-04-01T05:20:52.101579Z","published":"2025-07-10T17:15:46Z","upstream":["CVE-2024-47252"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47252"}],"affected":[{"package":{"name":"httpd","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/httpd"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.64-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-65172.json"}}],"schema_version":"1.7.5"}