httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2543)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-52616

TRC analysis shows attackers chaining authentication bypass CVE-2025-67039 with OS command injection flaws to gain root access on Lantronix devices. Root compromise enables lateral movement across network infrastructure. Runtime segmentation helps contain post-compromise pivoting in critical...

EulerOS Virtualization 2.13.1 : httpd (EulerOS-SA-2025-2543)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of...

PT-2025-52409

CVE-2025-0852 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-0852 Published : Dec. 16, 2025, 10:15 p.m. | 1 hour, 44 minutes ago Description : Rejected reason: Voluntarily withdrawn Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline...

PT-2025-51122

CVE-2025-67690 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-67690 Published : Dec. 11, 2025, 4:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-50917

CVE-2025-67607 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-67607 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-50913

CVE-2025-67498 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-67498 Published : Dec. 9, 2025, 11:16 p.m. | 1 hour, 48 minutes ago Description : Rejected reason: Further research determined the issue is not a vulnerability. Severity: 0.0 | NA Visit the link for more details, such as...

PT-2025-50930

CVE-2025-67610 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-67610 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-50928

CVE-2025-67608 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-67608 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-36797

Name of the Vulnerable Software and Affected Versions Apache HTTP versions prior to 2.4.67 Description An escalation of privilege bug exists in various modules, including mod rewrite via ap expr, which allows local .htaccess authors to read files using the privileges of the httpd user...

BIT-APACHE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

...

ALPINE-CVE-2025-58098

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

CVE-2025-58098

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

EUVD-2025-201395

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

EUVD-2025-201394

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

EUVD-2025-201404

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...