CVE-2025-58098

Опубликовано: 05 дек. 2025

Источник: nvd

CVSS3: 8.3

EPSS Низкий

Описание

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives.

This issue affects Apache HTTP Server before 2.4.66.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Ссылки

https://httpd.apache.org/security/vulnerabilities_24.html
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/12/04/5
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия до 2.4.66 (исключая)

EPSS

Процентиль: 26%

0.00091

Низкий

8.3 High

CVSS3

Дефекты

CWE-201

Связанные уязвимости

CVE-2025-58098

CVSS3: 8.3

ubuntu

2 месяца назад

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

CVE-2025-58098

CVSS3: 8.3

msrc

около 2 месяцев назад

Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

CVE-2025-58098

CVSS3: 8.3

debian

2 месяца назад

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) ...

GHSA-4m29-g52g-c6qc

CVSS3: 8.3

github

2 месяца назад

ELSA-2026-0075

oracle-oval

28 дней назад

ELSA-2026-0075: httpd security update (IMPORTANT)

EPSS

Процентиль: 26%

0.00091

Низкий

8.3 High

CVSS3

Дефекты

CWE-201