406 matches found
USN-7968-1 apache2 vulnerabilities
It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal attempts to be repeated without delays, possibly leading to a denial of service. CVE-2025-55753 Anthony Parfenov discovered that the Apache HTTP Server would pass the...
MiracleLinux 4 : php-5.3.3-3.AXS4.8 (AXSA:2012-547:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-547:03 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...
EUVD-2026-2005
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...
SUSE SLES15: apache2 / apache2-devel / apache2-event / apache2-manual / etc (SUSE-SU-2026:0020-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0020-1 advisory. - CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 - CVE-2025-65082: Fixed CGI environment...
CLSA-2026-1767609927 httpd: Fix of CVE-2025-58098
CVE-2025-58098: don't pass querry string args as command line arguments to SSI-invoked CGI scripts...
SUSE-SU-2026:0020-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 - CVE-2025-65082: Fixed CGI environment variable override bsc1254514 - CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 -...
CVE-2025-67158
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request...
httpd security update
An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...
RLSA-2025:23932 Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 httpd:...
PT-2025-53354
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative account...
Security update for apache2
This update for apache2 fixes the following issues: CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 CVE-2025-65082: Fixed CGI environment variable override bsc1254514 CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 CVE-2025-66200:...
AlmaLinux 10 : httpd (ALSA-2025:23932)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23932 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileIn...
httpd: Apache HTTP Server: CGI environment variable override
A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...
Important: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
SUSE-SU-2025:4488-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 - CVE-2025-65082: Fixed CGI environment variable override bsc1254514 - CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 -...
Apache HTTP Server Code Execution Vulnerability (CNVD-2025-30835)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server versions 2.4.7 through 2.4.65, which can be exploited by an attacker t...
Apache HTTP Server: CGI environment variable override
...
SUSE CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...
UBUNTU-CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...
CVE-2025-65082
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...