EulerOS Virtualization 2.13.0 : httpd (EulerOS-SA-2026-2170)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped quer...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

OS Command Injection

Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes SSI with exec cmd="..." are used alongside modcgid, which allows an attacker to inject and execute arbitrary system commands by crafting...

MiracleLinux 4 : httpd-2.2.15-31.0.1.AXS4 (AXSA:2014-468:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-468:02 advisory. Description : The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2014-0118 The...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

CLSA-2026-1767613214 httpd: Fix of CVE-2025-58098

CVE-2025-58098: fix modcgid to not pass arguments for SSI requests...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.

The vulnerability exists in the modcgid module of the Apache HTTP Server due to the absence of a timeout mechanism. Exploiting this vulnerability allows malicious actors to cause a service failure by sending requests to the CGI script, thereby ignoring the data from their own stdin descriptor...

USN-2299-1 apache2 vulnerabilities

Marek Kroemeke discovered that the modproxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0117 Giancarlo Pellegrino and Davide Balzarot...