CVE-2025-65082

CVE-2025-65082 affects Apache HTTP Server 2.4.0–2.4.65, due to improper neutralization of Escape, Meta, or Control sequences in environment variables set via Apache config, which can supersede server-calculated CGI variables. The issue, identified across multiple advisories (Debian DLA-4452-1, AL...

CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVE-2025-65082 Apache HTTP Server: CGI environment variable override

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVE-2025-59775

Server-Side Request Forgery SSRF vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes...

CVE-2025-55753

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

Apache HTTP Server 安全漏洞

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A cross-site request forgery vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause NTLM hash...

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.66-i586-1slack15.0.txz: Upgraded. This release fixes bugs and the following security issues: moduserdir+suexec bypass via...

Apache HTTP Server < 2.4.66 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...

Linux Distros Unpatched Vulnerability : CVE-2025-55753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer...

PT-2025-48326

CVE-2025-66230 - Apache HTTP Server Unvalidated Redirect CVE ID : CVE-2025-66230 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-48331

CVE-2025-66235 - Apache Server HTTP Header Injection CVE ID : CVE-2025-66235 Published : Nov. 26, 2025, 4:15 a.m. | 2 hours, 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2025-48028

CVE-2025-13594 - Apache HTTP Server Command Injection Vulnerability CVE ID : CVE-2025-13594 Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and...

TencentOS Server 3: httpd:2.4 (TSSA-2024:0763)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0763 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2387)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-45532

CVE-2025-64473 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-64473 Published : Nov. 6, 2025, 4:15 a.m. | 3 hours, 33 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Exploit for Exposure of Resource to Wrong Sphere in Apache Http_Server

HTTP Request Smuggling Detection Tool This repository contain...

Astra Linux – Vulnerability in Apache2

Splitting of HTTP responses within the core of the Apache HTTP Server allows attackers who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was identified as CVE-2023-38709, but the patch included in...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2025-2294)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP13 : httpd (EulerOS-SA-2025-2294)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications...