Lucene search
K

226 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.3 views

EulerOS 2.0 SP13 : httpd (EulerOS-SA-2026-1278)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exe...

8.3CVSS5.9AI score0.01527EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 12:43 p.m.5 views

OESA-2026-1528 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...

8.3CVSS7.1AI score0.01527EPSS
Exploits0References5
OSV
OSV
added 2026/03/06 12:43 p.m.3 views

OESA-2026-1527 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures 30 days in default configurations, the...

8.3CVSS5.8AI score0.01527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/23 7:20 p.m.3 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

8.3CVSS5.7AI score0.01527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/23 7:19 p.m.3 views

httpd: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

A server side include handling flaw has been discovered in the Apache HTTP server. When Server Side Includes SSI areenabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives an attacker may be able to inject commands executed by the server...

8.3CVSS5.7AI score0.01527EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: httpd (UTSA-2026-005339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005339 advisory. Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd=...

8.3CVSS5.6AI score0.01527EPSS
Exploits0References4
Veracode
Veracode
added 2026/02/05 4:59 a.m.7 views

OS Command Injection

Apache HTTP Server is vulnerable to OS Command Injection. The vulnerability is due to improper handling of shell-escaped query strings when Server Side Includes SSI with exec cmd="..." are used alongside modcgid, which allows an attacker to inject and execute arbitrary system commands by crafting...

8.3CVSS5.9AI score0.01527EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-58098)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-58098 advisory. - Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but no...

8.3CVSS5.6AI score0.01527EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.3 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-58098)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-58098 advisory. - Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but no...

8.3CVSS5.6AI score0.01527EPSS
Exploits0References1
OSV
OSV
added 2026/01/19 2:59 p.m.8 views

USN-7968-1 apache2 vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal attempts to be repeated without delays, possibly leading to a denial of service. CVE-2025-55753 Anthony Parfenov discovered that the Apache HTTP Server would pass the...

8.3CVSS5.9AI score0.01527EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/01/19 2:59 p.m.10 views

USN-7968-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled failed ACME certificate renewals. This could result in renewal attempts to be repeated without delays, possibly leading to a denial of service. CVE-2025-55753 Anthony Parfenov discovered that the Apache HTTP Server would pass the...

8.3CVSS7.5AI score0.01527EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2026/01/15 12:0 a.m.5 views

Security update for apache2 (moderate)

openSUSE security update: security update for apache2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20030-1 Rating: moderate References: bsc1254511 bsc1254512 bsc1254514 bsc1254515 Cross-References: CVE-2025-55753 CVE-2025-58098 CVE-2025-65082...

6.8CVSS7.2AI score0.01527EPSS
Exploits0References4
OSV
OSV
added 2026/01/14 11:3 a.m.3 views

SUSE-SU-2026:20081-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed modmd ACME, unintended retry intervals bsc1254511 - CVE-2025-58098: Fixed Server Side Includes adds query string to exec cmd bsc1254512 - CVE-2025-65082: Fixed CGI environment variable override bsc1254514 - CVE-2025-66200...

8.3CVSS5.8AI score0.01527EPSS
Exploits0References9
OSV
OSV
added 2026/01/14 10:49 a.m.3 views

OPENSUSE-SU-2026:20030-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed modmd ACME, unintended retry intervals bsc1254511 - CVE-2025-58098: Fixed Server Side Includes adds query string to exec cmd bsc1254512 - CVE-2025-65082: Fixed CGI environment variable override bsc1254514 - CVE-2025-66200...

8.3CVSS6.7AI score0.01527EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

TencentOS Server 2: httpd (TSSA-2026:0012)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0012 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

8.3CVSS5.6AI score0.01527EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.6 views

Astra Linux – Vulnerability in Apache2

Apache HTTP Server 2.4.65 and earlier, with Server Side Includes SSI enabled and modcgid but not modcgi, pass the shell-escaped query string to the exec cmd="..." directives. This issue affects Apache HTTP Server versions prior to 2.4.66. Users are recommended to upgrade to version 2.4.66, which...

8.3CVSS7.1AI score0.01527EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 9 : httpd-2.4.62-7.el9_7.3 (AXSA:2025-11631:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11631:11 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride...

8.3CVSS7.3AI score0.01527EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : httpd:2.4 (AXSA:2026-017:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-017:01 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 modmd: Apache HTTP Server: modmd ACME, unintended retry intervals...

8.3CVSS7.4AI score0.01527EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.16 views

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1318)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1318 advisory. Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd=... directives. CVE-2025-58098 Improper...

8.3CVSS5.6AI score0.01527EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.3 views

RHEL 10 : httpd (RHSA-2026:0171)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0171 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: Serv...

8.3CVSS5.6AI score0.01527EPSS
Exploits0References4
Rows per page
Query Builder