Описание
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.65-1 | package | |
| apache2 | not-affected | bookworm | package | |
| apache2 | not-affected | bullseye | package |
Примечания
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b (2.4.65)
Introduced by: https://github.com/apache/httpd/commit/8efe8ea18c6f7123c5779bb4d9551ccf407dc0c4 (2.4.64)
EPSS
Связанные уязвимости
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
EPSS