PT-2025-53428

CVE-2025-68695 - Apache HTTP Server Cross-Site Request Forgery CSRF CVE ID : CVE-2025-68695 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-53602

CVE-2025-5448 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-5448 Published : Dec. 24, 2025, 2:15 p.m. | 2 hours, 57 minutes ago Description : Rejected reason: This CVE id was assigned but later discarded. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

PT-2025-53420

CVE-2025-68687 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68687 Published : Dec. 24, 2025, 4:15 a.m. | 50 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

TencentOS Server 3: httpd:2.4 (TSSA-2025:0973)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0973 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RLSA-2025:23739 Important: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: modmd:...

PT-2025-52875

CVE-2025-68651 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2025-68651 Published : Dec. 23, 2025, 4:15 a.m. | 2 hours, 43 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

PT-2025-53397

CVE-2023-5093 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2023-5093 Published : Dec. 23, 2025, 2:16 p.m. | 42 minutes ago Description : Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant. Severity: 0.0 | NA Visit the link for more...

PT-2025-52878

CVE-2025-68654 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-68654 Published : Dec. 23, 2025, 4:15 a.m. | 2 hours, 43 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-53396

CVE-2023-5092 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2023-5092 Published : Dec. 23, 2025, 2:16 p.m. | 42 minutes ago Description : Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant. Severity: 0.0 | NA Visit the link for more details...

PT-2025-53400

CVE-2025-48863 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-48863 Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago Description : Rejected reason: This CVE id was assigned but later discarded. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

PT-2025-53401

CVE-2025-48864 - Apache HTTP Server Cross-Site Scripting CVE ID : CVE-2025-48864 Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago Description : Rejected reason: This CVE id was assigned but later discarded. Severity: 0.0 | NA Visit the link for more details, such as CVSS details,...

PT-2025-53398

CVE-2023-5094 - Apache HTTP Server Denial of Service CVE ID : CVE-2023-5094 Published : Dec. 23, 2025, 2:16 p.m. | 42 minutes ago Description : Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant. Severity: 0.0 | NA Visit the link for more details,...

RockyLinux 9 : httpd (RLSA-2025:23919)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23919 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileIn...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

httpd:2.4 security update

An update is available for module.modhttp2, module.modmd, modmd, httpd, modhttp2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

httpd: Apache HTTP Server: CGI environment variable override

A configuration override flaw has been discovered in the apache HTTP server. Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server...

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

Oracle Linux 10 : mod_md (ELSA-2025-23738)

The remote Oracle Linux 10 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-23738 advisory. 1:2.4.26-4 - Resolves: RHEL-134483 - httpd: Apache HTTP Server: modmd ACME, unintended retry intervals CVE-2025-55753 Tenable has extracted the preceding...