Lucene search
K

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-8338-1)

🗓️ 11 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 7 Views

Ubuntu Apache vulnerabilities allow response splitting, denial of service, SSRF, and proxy flaws.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks [CVE-2023-38709, CVE-2024-24795].
22 Jul 202420:53
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability with Perl, Snappy, Psf Request, spring-web-5.3.33.jar , Apache HTTP Server, OpenJDK, affect IBM Cloud Object Storage Systems (July 2024v1)
12 Jul 202415:44
ibm
IBM Security Bulletins
Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by multiple vulnerabilities due to the included Apache HTTP Server
22 Jul 202517:49
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in httpd library (CVE-2025-58098, CVE-2025-65082, CVE-2025-66200) affect Power HMC.
31 Mar 202615:34
ibm
IBM Security Bulletins
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
15 Apr 202503:18
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server
27 Jun 202419:55
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
27 May 202523:25
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
22 Dec 202509:22
ibm
IBM Security Bulletins
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477
28 Jan 202522:08
ibm
IBM Security Bulletins
Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server
29 Jul 202414:30
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-8338-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(320481);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/11");

  script_cve_id(
    "CVE-2023-38709",
    "CVE-2023-45802",
    "CVE-2024-24795",
    "CVE-2024-38473",
    "CVE-2024-38476",
    "CVE-2024-38477",
    "CVE-2024-39573",
    "CVE-2024-42516",
    "CVE-2024-43204",
    "CVE-2024-47252",
    "CVE-2025-49812",
    "CVE-2025-55753",
    "CVE-2025-58098",
    "CVE-2025-65082",
    "CVE-2025-66200"
  );
  script_xref(name:"IAVA", value:"2023-A-0572-S");
  script_xref(name:"IAVA", value:"2024-A-0202-S");
  script_xref(name:"IAVA", value:"2024-A-0378-S");
  script_xref(name:"IAVA", value:"2025-A-0508-S");
  script_xref(name:"IAVA", value:"2025-A-0889-S");
  script_xref(name:"USN", value:"8338-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-8338-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by
multiple vulnerabilities as referenced in the USN-8338-1 advisory.

    It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could
    possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04
    LTS. (CVE-2023-38709)

    Will Dormann and David Warren discovered that Apache HTTP Server's HTTP/2 implementation did not properly
    reclaim memory when streams were reset by clients. A remote attacker could possibly use this issue to
    cause Apache HTTP Server to consume resources, leading to a denial of service. This issue only affected
    Ubuntu 18.04 LTS. (CVE-2023-45802)

    Keran Mu and Jianjun Chen discovered that Apache HTTP Server incorrectly handled certain response headers.
    An attacker could possibly use this issue to perform HTTP response splitting attacks. This issue only
    affected Ubuntu 14.04 LTS. (CVE-2024-24795)

    Orange Tsai discovered that Apache HTTP Server mod_proxy incorrectly handled URL encoding. A remote
    attacker could possibly use this issue to bypass authentication via crafted requests. This issue only
    affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-38473)

    Orange Tsai discovered that Apache HTTP Server could be caused to perform server-side request forgery
    (SSRF) via malicious backend response headers. A remote attacker could possibly use this issue to conduct
    SSRF attacks or disclose sensitive information. This issue only affected Ubuntu 14.04 LTS.
    (CVE-2024-38476)

    Orange Tsai discovered that Apache HTTP Server mod_proxy did not properly handle certain null pointer
    conditions. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash,
    resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38477)

    Orange Tsai discovered that Apache HTTP Server mod_rewrite could be made to perform server-side request
    forgery (SSRF) via unsafe RewriteRules. A remote attacker could possibly use this issue to conduct SSRF
    attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-39573)

    It was discovered that Apache HTTP Server incorrectly handled certain response headers. An attacker could
    possibly use this issue to perform HTTP response splitting attacks. This issue only affected Ubuntu 14.04
    LTS. (CVE-2024-42516)

    It was discovered that Apache HTTP Server could be caused to perform server-side request forgery (SSRF)
    via mod_headers modifying Content-Type headers. A remote attacker could possibly use this issue to conduct
    SSRF attacks. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-43204)

    John Runyon discovered that Apache HTTP Server mod_ssl did not properly escape user-supplied data before
    writing log entries. A remote attacker could possibly use this issue to insert escape sequences into log
    files. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-47252)

    Robert Merget discovered that Apache HTTP Server with SSLEngine optional was vulnerable to HTTP
    desynchronisation attacks. An attacker in a privileged network position could possibly use this issue to
    hijack HTTP sessions. This issue only affected Ubuntu 14.04 LTS. (CVE-2025-49812)

    It was discovered that Apache HTTP Server mod_md had an integer overflow in the ACME certificate renewal
    backoff timer. An attacker could possibly use this issue to cause excessive certificate renewal requests.
    This issue only affected Ubuntu 20.04 LTS. (CVE-2025-55753)

    Anthony Parfenov discovered that Apache HTTP Server with SSI enabled and mod_cgid passed shell-escaped
    query strings to #exec cmd directives. A remote attacker could possibly use this issue to perform command
    injection. (CVE-2025-58098)

    Mattias sander discovered that Apache HTTP Server incorrectly gave precedence to environment variables
    from HTTP headers over server-calculated CGI variables. A remote attacker could possibly use this issue to
    influence the environment of CGI programs. (CVE-2025-65082)

    Mattias sander discovered that Apache HTTP Server mod_userdir with suexec could be caused to run CGI
    scripts under an unexpected user ID via RequestHeader directives in .htaccess files. An attacker with
    .htaccess write access could possibly use this issue to bypass suexec user restrictions. (CVE-2025-66200)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-8338-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-38476");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/05/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-itk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-ssl-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-custom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-suexec-pristine");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-macro");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-md");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-proxy-uwsgi");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2026 Canonical, Inc. / NASL script (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "ubuntu_pro_sub_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var ubuntu_pro_detected = get_kb_item('Host/Ubuntu/Pro/Services/esm-apps');
ubuntu_pro_detected = !empty_or_null(ubuntu_pro_detected);

var pro_caveat_needed = FALSE;

var pkgs = [
    {'osver': '14.04', 'pkgname': 'apache2', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-mpm-event', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-mpm-itk', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-mpm-prefork', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-mpm-worker', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-suexec', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'apache2.2-bin', 'pkgver': '2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'libapache2-mod-macro', 'pkgver': '1:2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '14.04', 'pkgname': 'libapache2-mod-proxy-html', 'pkgver': '1:2.4.7-1ubuntu4.22+esm12', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-38709', 'CVE-2024-24795', 'CVE-2024-38476', 'CVE-2024-38477', 'CVE-2024-42516', 'CVE-2024-43204', 'CVE-2024-47252', 'CVE-2025-49812', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '16.04', 'pkgname': 'apache2', 'pkgver': '2.4.18-2ubuntu3.17+esm17', 'ubuntu_pro': TRUE, 'cves': ['CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '16.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.18-2ubuntu3.17+esm17', 'ubuntu_pro': TRUE, 'cves': ['CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '16.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.18-2ubuntu3.17+esm17', 'ubuntu_pro': TRUE, 'cves': ['CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '16.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.18-2ubuntu3.17+esm17', 'ubuntu_pro': TRUE, 'cves': ['CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '16.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.18-2ubuntu3.17+esm17', 'ubuntu_pro': TRUE, 'cves': ['CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '16.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.18-2ubuntu3.17+esm17', 'ubuntu_pro': TRUE, 'cves': ['CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '16.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.18-2ubuntu3.17+esm17', 'ubuntu_pro': TRUE, 'cves': ['CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '18.04', 'pkgname': 'apache2', 'pkgver': '2.4.29-1ubuntu4.27+esm7', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-45802', 'CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '18.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.29-1ubuntu4.27+esm7', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-45802', 'CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '18.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.29-1ubuntu4.27+esm7', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-45802', 'CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '18.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.29-1ubuntu4.27+esm7', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-45802', 'CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '18.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.29-1ubuntu4.27+esm7', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-45802', 'CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '18.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.29-1ubuntu4.27+esm7', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-45802', 'CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '18.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.29-1ubuntu4.27+esm7', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-45802', 'CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '18.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.29-1ubuntu4.27+esm7', 'ubuntu_pro': TRUE, 'cves': ['CVE-2023-45802', 'CVE-2024-38473', 'CVE-2024-39573', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'apache2', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'apache2-bin', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'apache2-data', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'apache2-dev', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'apache2-ssl-dev', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'apache2-suexec-custom', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'apache2-suexec-pristine', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'apache2-utils', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'libapache2-mod-md', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']},
    {'osver': '20.04', 'pkgname': 'libapache2-mod-proxy-uwsgi', 'pkgver': '2.4.41-4ubuntu3.23+esm3', 'ubuntu_pro': TRUE, 'cves': ['CVE-2025-55753', 'CVE-2025-58098', 'CVE-2025-65082', 'CVE-2025-66200']}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  var pro_required = NULL;
  if (!empty_or_null(package_array['ubuntu_pro'])) pro_required = package_array['ubuntu_pro'];
  if (osver && pkgname && pkgver) {
    if (deb_check(release:osver, prefix:pkgname, reference:pkgver, cves:cves)) {
        flag++;
        if (!ubuntu_pro_detected && !pro_caveat_needed) pro_caveat_needed = pro_required;
    }
  }
}

if (flag)
{
  var extra = '';
  if (pro_caveat_needed) {
    extra += 'NOTE: This vulnerability check contains fixes that apply to packages only \n';
    extra += 'available in Ubuntu ESM repositories. Access to these package security updates \n';
    extra += 'require an Ubuntu Pro subscription.\n\n';
  }
  extra += ubuntu_report_get();
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2 / apache2-bin / apache2-data / apache2-dev / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Jun 2026 00:00Current
7High risk
Vulners AI Score7
CVSS 3.19.8
EPSS0.41611
SSVC
7