Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.7
Apache HTTP Server May Accept Untrusted Server Identities
CVE-2025-9293
Summary
Apache HTTP Server may not properly verify the identity of servers during secure connections. This can allow an attacker to intercept or modify sensitive information if they can intercept the connection. To protect against this, update Apache HTTP Server to the latest version or apply the recommended security patches.
Original title
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged networ...
Original description
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
nvd CVSS4.0
7.7
Vulnerability type
CWE-295
Improper Certificate Validation
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026