Apache · Apache Http Server · CVE-2025-49630
**Name of the Vulnerable Software and Affected Versions:**
Apache HTTP Server versions 2.4.26 through 2.4.63
**Description:**
In specific proxy setups, an untrusted client can trigger a denial of service against Apache HTTP Server. This occurs due to an assertion within the `mod proxy http2` module when `ProxyPreserveHost` is set to "on" and a reverse proxy is configured for an HTTP/2 backend.
**Recommendations:**
Update to a version later than 2.4.63.