Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-66200

Опубликовано: 05 дек. 2025
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.

This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия от 2.4.7 (включая) до 2.4.66 (исключая)

EPSS

Процентиль: 17%
0.00055
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-288

Связанные уязвимости

ubuntu логотип

CVE-2025-66200

CVSS3: 5.4
ubuntu
4 месяца назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

redhat логотип

CVE-2025-66200

CVSS3: 5.4
redhat
4 месяца назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

msrc логотип

CVE-2025-66200

CVSS3: 5.4
msrc
3 месяца назад

Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo

debian логотип

CVE-2025-66200

CVSS3: 5.4
debian
4 месяца назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in ...

github логотип

GHSA-3j3g-3pw9-9vcc

CVSS3: 5.4
github
4 месяца назад

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

EPSS

Процентиль: 17%
0.00055
Низкий

5.4 Medium

CVSS3

Дефекты

CWE-288