httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

A permissions bypass flaw has been discovered in the apache HTTP server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: httpd (UTSA-2026-005337)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005337 advisory. moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause...

Authentication Bypass

Apache HTTP Server is vulnerable to Authentication Bypass. The vulnerability is due to improper handling of the RequestHeader directive via AllowOverride FileInfo in .htaccess, which allows an attacker to cause CGI scripts to execute under an unexpected user ID...

Azure Linux 3.0 Security Update: php (CVE-2022-31627)

The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-31627 advisory. - In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfobuffer, due to incorrect patch applied...

MiracleLinux 4 : file-5.04-21.AXS4 (AXSA:2014-614:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-614:01 advisory. Description : The file command is used to identify a particular file according to the type of data contained by the file. File can identify many...

MiracleLinux 4 : php-5.3.3-27.AXS4.1 (AXSA:2014-484:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-484:02 advisory. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP al...

MiracleLinux 7 : file-5.11-31.el7 (AXSA:2015-693:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-693:01 advisory. The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file...

CVE-2019-20050

Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must includ...

Security update for apache2

This update for apache2 fixes the following issues: CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 CVE-2025-65082: Fixed CGI environment variable override bsc1254514 CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 CVE-2025-66200:...

httpd security update

An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

TencentOS Server 3: httpd:2.4 (TSSA-2025:0973)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0973 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

A permissions bypass flaw has been discovered in the apache HTTP server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid...

httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

A permissions bypass flaw has been discovered in the apache HTTP server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid...

httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

A permissions bypass flaw has been discovered in the apache HTTP server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid...

ALSA-2025:23932 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 httpd:...

ALSA-2025:23919 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 httpd:...

BIT-APACHE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

CVE-2025-66200

moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

...

SUSE CVE-2025-66200

moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...