Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-65082

Опубликовано: 05 дек. 2025
Источник: debian
EPSS Низкий

Описание

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.66-1package
apache2no-dsatrixiepackage
apache2no-dsabookwormpackage
apache2postponedbullseyepackage

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082

  • https://github.com/apache/httpd/commit/e4f00c5eb71d8a7aa1f52b5279832986f669d463

EPSS

Процентиль: 33%
0.00128
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-65082

CVSS3: 6.5
ubuntu
12 дней назад

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

nvd логотип

CVE-2025-65082

CVSS3: 6.5
nvd
12 дней назад

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

msrc логотип

CVE-2025-65082

msrc
9 дней назад

Apache HTTP Server: CGI environment variable override

github логотип

GHSA-768g-4qpg-32w7

CVSS3: 6.5
github
12 дней назад

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

fstec логотип

BDU:2025-15637

CVSS3: 6.5
fstec
около 1 месяца назад

Уязвимость веб-сервера Apache HTTP Server, связанная с непринятием мер по нейтрализации специальных управляющих элементов, позволяющая нарушителю оказать влияние на конфиденциальность и целостность защищаемой информации

EPSS

Процентиль: 33%
0.00128
Низкий