11 matches found
EulerOS Virtualization 2.10.0 : httpd (EulerOS-SA-2026-1556)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : moduserdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader...
[SECURITY] [DLA 4452-1] apache2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4452-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 24, 2026 https://wiki.debian.org/LTS -...
RHEL 10 : httpd (RHSA-2026:0171)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0171 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Apache HTTP Server: Serv...
CLSA-2026-1767800942 httpd: Fix of CVE-2025-58098
CVE-2025-58098: don't pass querry string args as command line arguments to SSI-invoked CGI scripts...
CVE-2025-58098 affecting package httpd for versions less than 2.4.66-1
CVE-2025-58098 affecting package httpd for versions less than 2.4.66-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-58098 affecting package httpd for versions less than 2.4.66-1
CVE-2025-58098 affecting package httpd for versions less than 2.4.66-1. An upgraded version of the package is available that resolves this issue...
Fedora: Security Advisory (FEDORA-2025-9621c19da8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
BELL-CVE-2025-58098
Bulletin has no description...
DEBIAN-CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...
CVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...
CVE-2025-58098
creationtimestamp| type| source ---|---|--- 2025-12-04 14:18:26+00:00| seen| https://seclists.org/oss-sec/2025/q4/241 2025-12-04 16:01:18+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m76dsazp6v2s 2025-12-04 17:40:45+00:00| seen|...