PT-2025-53401

CVE-2025-48864 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-48864 Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago Description : Rejected reason: This CVE id was assigned but later discarded. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

RockyLinux 9 : httpd (RLSA-2025:23919)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23919 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileIn...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

httpd:2.4 security update

An update is available for module.modhttp2, module.modmd, modmd, httpd, modhttp2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

Oracle Linux 10 : mod_md (ELSA-2025-23738)

The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-23738 advisory. 1:2.4.26-4 - Resolves: RHEL-134483 - httpd: Apache HTTP Server: modmd ACME, unintended retry intervals CVE-2025-55753 Tenable has extracted the preceding...

RHEL 10 : httpd (RHSA-2025:23932)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23932 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP...

httpd security update

2.4.62-7.0.1.3 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-7.3 - Resolves: RHEL-135063 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135048 - httpd: Apache HTTP Server: CGI environment variable override...

Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 modmd: Apache HTTP Server: modmd ACME, unintended retry intervals CVE-2025-55753 httpd: Apache HTTP...

PT-2025-52590

CVE-2025-68485 - Apache HTTP Server Code Injection Vulnerability CVE ID : CVE-2025-68485 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-52596

CVE-2025-68490 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68490 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-52597

CVE-2025-68491 - Apache HTTP Server Buffer Overflow Vulnerability CVE ID : CVE-2025-68491 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, an...

PT-2025-52607

CVE-2025-67045 - Apache HTTP Server Cross-Site Scripting Vulnerability CVE ID : CVE-2025-67045 Published : Dec. 19, 2025, 4:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67041. Reason: This record is a reservation duplicate of...

PT-2025-52606

CVE-2025-67044 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID : CVE-2025-67044 Published : Dec. 19, 2025, 4:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67035. Reason: This record is a reservation duplicate of...

PT-2025-52616

TRC analysis shows attackers chaining authentication bypass CVE-2025-67039 with OS command injection flaws to gain root access on Lantronix devices. Root compromise enables lateral movement across network infrastructure. Runtime segmentation helps contain post-compromise pivoting in critical...

PT-2025-52592

CVE-2025-68487 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68487 Published : Dec. 19, 2025, 4:16 a.m. | 2 hours, 5 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-52617

CVE-2025-67048 - Apache HTTP Server Remote Code Execution Vulnerability CVE ID : CVE-2025-67048 Published : Dec. 19, 2025, 4:15 p.m. | 2 hours, 8 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67039. Reason: This record is a reservation duplicate of...