5772 matches found

OSV
added 2025/12/05 11:15 a.m., 3 views

AZL-71596 CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVSS 6.5, AI score 5.7, EPSS 0.00758
Exploits: 0, References: 1

OSV
added 2025/12/05 11:15 a.m., 2 views

AZL-71863 CVE-2025-55753 affecting package httpd for versions less than 2.4.66-1

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

CVSS 7.5, AI score 7.1, EPSS 0.00402
Exploits: 0, References: 1

OpenVAS
added 2025/12/05 12:0 a.m., 3 views

Slackware: Security Advisory (SSA:2025-338-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3, AI score 6.8, EPSS 0.015
Exploits: 0, References: 8

Tenable Nessus
added 2025/12/04 12:0 a.m., 4 views

FreeBSD : Apache httpd -- Multiple vulnerabilities (6ebe4a30-d138-11f0-af8c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6ebe4a30-d138-11f0-af8c-8447094a420f advisory. The Apache httpd project reports: See changelog or 2.4 vulnerabilities for details. Tenable ha...

CVSS 8.3, AI score 7.5, EPSS 0.015
Exploits: 0, References: 7

Tenable Nessus
added 2025/12/04 12:0 a.m., 4 views

Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2025-338-01)

The version of httpd installed on the remote host is prior to 2.4.66. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-338-01 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...

CVSS 8.3, AI score 7.4, EPSS 0.015
Exploits: 0, References: 6

Rosalinux
added 2025/12/02 1:16 p.m., 6 views

Advisory ROSA-SA-2025-3082

Software: httpd 2.4.6 OS: rosa-server79 unaffected versions = httpd-2.4.6-99.0.7.res7.1 affected versions httpd-2.4.6-99.0.7.res7.1 CVE-ID: CVE-2024-47252 BDU-ID: 2025-08958 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the modssl function of the Apache HTTP Server web server is related to a failu...

CVSS 7.5, AI score 7.1, EPSS 0.00669
Exploits: 0

Vulnrichment
added 2025/12/02 12:0 a.m., 2 views

CVE-2025-60854

A vulnerability has been found in D-Link R15 AX1500 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd...

AI score 7.3, EPSS 0.01014
Exploits: 0, References: 1

CVE
added 2025/12/02 12:0 a.m., 9 views

CVE-2025-60854

CVE-2025-60854 affects D-Link R15 (AX1500) prior to 1.20.02. The vulnerability allows command injection in httpd by manipulating the model name parameter during a password change on the web administrator page. The CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no user interact...

CVSS 9.8, AI score 7.3, EPSS 0.01014
Exploits: 0, References: 1, Affected Software: 1

IBM Security Bulletins
added 2025/11/20 6:9 a.m., 11 views

Security Bulletin: Vulnerabilities in httpd library (CVE-2024-47252, CVE-2025-23048, CVE-2025-49630) affect Power HMC.

Summary The httpd library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-47252 DESCRIPTION: Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS...

CVSS 9.1, AI score 7.5, EPSS 0.01149
Exploits: 1, Affected Software: 1

RedhatCVE
added 2025/11/14 12:1 a.m., 3 views

CVE-2025-60693

A stack-based buffer overflow exists in the getmergemac function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to six user-supplied CGI parameters matching 05 into a fixed-size buffer a2 without proper bounds checking, appending...

CVSS 6.5, AI score 8.1, EPSS 0.00814
Exploits: 1, References: 1

EUVD
added 2025/11/13 6:31 p.m., 6 views

EUVD-2025-175299

An unauthenticated command injection vulnerability exists in the StartEPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wlant, wlssid, wlrate, ttcpnum, ttcpip, ttcpsize are concatenated in...

CVSS 5.4, AI score 7.9, EPSS 0.08842
Exploits: 1, References: 4

OSV
added 2025/11/13 6:15 p.m., 2 views

CVE-2025-60693

A stack-based buffer overflow exists in the getmergemac function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to six user-supplied CGI parameters matching 05 into a fixed-size buffer a2 without proper bounds checking, appending...

CVSS 6.5, AI score 6.6, EPSS 0.00814
Exploits: 1, References: 3

NVD
added 2025/11/13 6:15 p.m., 3 views

CVE-2025-60693

A stack-based buffer overflow exists in the getmergemac function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to six user-supplied CGI parameters matching 05 into a fixed-size buffer a2 without proper bounds checking, appending...

CVSS 6.5, EPSS 0.00814
Exploits: 1, References: 3

OSV
added 2025/11/13 5:15 p.m., 4 views

CVE-2025-60690

A stack-based buffer overflow exists in the getmergeipaddr function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to four user-supplied CGI parameters matching 03 into a fixed-size buffer a2 without bounds checking. Remote attacke...

CVSS 8.8, AI score 6.6, EPSS 0.04676
Exploits: 3, References: 3

NVD
added 2025/11/13 5:15 p.m., 5 views

CVE-2025-60690

A stack-based buffer overflow exists in the getmergeipaddr function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function concatenates up to four user-supplied CGI parameters matching 03 into a fixed-size buffer a2 without bounds checking. Remote attacke...

CVSS 8.8, EPSS 0.04676
Exploits: 3, References: 4

OSV
added 2025/11/13 4:15 p.m., 2 views

CVE-2025-60689

An unauthenticated command injection vulnerability exists in the StartEPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wlant, wlssid, wlrate, ttcpnum, ttcpip, ttcpsize are concatenated in...

CVSS 5.4, AI score 6.2, EPSS 0.08842
Exploits: 1, References: 3

NVD
added 2025/11/13 4:15 p.m., 8 views

CVE-2025-60689

An unauthenticated command injection vulnerability exists in the StartEPI function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The vulnerability occurs because user-supplied CGI parameters wlant, wlssid, wlrate, ttcpnum, ttcpip, ttcpsize are concatenated in...

CVSS 5.4, EPSS 0.08842
Exploits: 1, References: 3

CVE
added 2025/11/13 12:0 a.m., 12 views

CVE-2025-60694

CVE-2025-60694 affects Linksys E1200 v2 routers running firmware 2.0.11.001_us. A stack-based buffer overflow occurs in httpd's validate_static_route function, where CGI params route_ipaddr_0~3, route_netmask_0~3, and route_gateway_0~3 are concatenated into fixed-size buffers (v6, v10, v14) witho...

CVSS 7.5, AI score 7.8, EPSS 0.01258
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2025/11/13 12:0 a.m., 2 views

CVE-2025-60691

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The applycgi and blockcgi functions copy user-supplied input from the "url" CGI parameter into stack buffers v36, v29 using sprintf without bounds checking. Because these buffe...

AI score 7.9, EPSS 0.0078
Exploits: 1, References: 3

Positive Technologies
added 2025/11/13 12:0 a.m., 4 views

PT-2025-46865

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 routers versions prior to v2.0.11.001 us Description A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers. The apply cgi and block cgi functions copy user-supplied input from the url CGI paramet...

CVSS 8.8, AI score 7.9, EPSS 0.0078
Exploits: 1, References: 7