Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-65082

Опубликовано: 05 дек. 2025
Источник: debian
EPSS Низкий

Описание

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.66-1package
apache2fixed2.4.66-1~deb13u1trixiepackage
apache2fixed2.4.66-1~deb12u1bookwormpackage

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082

  • https://github.com/apache/httpd/commit/e4f00c5eb71d8a7aa1f52b5279832986f669d463

EPSS

Процентиль: 36%
0.00149
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-65082

CVSS3: 6.5
ubuntu
2 месяца назад

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

nvd логотип

CVE-2025-65082

CVSS3: 6.5
nvd
2 месяца назад

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

msrc логотип

CVE-2025-65082

CVSS3: 6.5
msrc
около 2 месяцев назад

Apache HTTP Server: CGI environment variable override

github логотип

GHSA-768g-4qpg-32w7

CVSS3: 6.5
github
2 месяца назад

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

fstec логотип

BDU:2025-15637

CVSS3: 6.5
fstec
3 месяца назад

Уязвимость веб-сервера Apache HTTP Server, связанная с непринятием мер по нейтрализации специальных управляющих элементов, позволяющая нарушителю оказать влияние на конфиденциальность и целостность защищаемой информации

EPSS

Процентиль: 36%
0.00149
Низкий