Описание
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.65-1 | package | |
| apache2 | not-affected | bookworm | package | |
| apache2 | not-affected | bullseye | package |
Примечания
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b (2.4.65)
Introduced by: https://github.com/apache/httpd/commit/8efe8ea18c6f7123c5779bb4d9551ccf407dc0c4 (2.4.64)
EPSS
Связанные уязвимости
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
EPSS