Apache · Apache Http Server · CVE-2024-47252
**Name of the Vulnerable Software and Affected Versions:**
Apache HTTP Server versions prior to 2.4.63
**Description:**
Insufficient escaping of user-supplied data in the mod ssl module can allow an untrusted SSL/TLS client to insert escape characters into log files under certain configurations. This occurs when using CustomLog with "%{varname}x" or "%{varname}c" to log variables provided by mod ssl, such as `SSL TLS SNI`, without proper sanitization.
**Recommendations:**
Upgrade to a version of Apache HTTP Server later than 2.4.63.