CVE-2025-54090

Published: 23 Jul 2025
Source: redhat
CVSS3: 4.8

Description

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

A logic flaw has been discovered in Apache HTTP Server version 2.4.64. This vulnerability causes RewriteCond expr directives to always evaluate as true, regardless of the actual condition. This could lead to unintended routing, access control bypasses, or other security policy violations if an administrator relies on these expressions for security enforcement. It is crucial to note that this issue specifically impacts only version 2.4.64; all other versions are unaffected.
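To see whether a configuration depends on the affected directive, the following added example (not part of the advisory or of Apache's own tooling) lists every `RewriteCond expr` condition together with the `RewriteRule` it guards, and reports them only when the server banner shows 2.4.64. The function names and the sample configuration are constructed for illustration; the scan assumes the configuration text is passed in as one string and does not follow `Include` directives or `.htaccess` files.

```python
import re

AFFECTED = "2.4.64"  # only affected release, per the description above

SAMPLE_CONF = r'''
# constructed sample, not from the advisory
RewriteEngine On
RewriteCond expr "!(%{REMOTE_ADDR} -ipmatch '10.0.0.0/8')"
RewriteCond %{REQUEST_URI} ^/admin
RewriteRule ^ - [F]
RewriteCond expr \
    "%{HTTP:X-Internal} == '1'"
RewriteRule ^/status$ /server-status [PT]
'''

def server_version(banner):
    """Pull 'x.y.z' out of `httpd -v` style output; None if absent."""
    m = re.search(r"Apache/(\d+\.\d+\.\d+)", banner)
    return m.group(1) if m else None

def logical_lines(text):
    """Yield (first_line_no, directive), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start if buf else no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            yield start, line

def audit(text):
    """Return (line_no, condition, guarded_rule) for each 'RewriteCond expr'."""
    found, pending = [], []
    for no, line in logical_lines(text):
        parts = line.split(None, 2)
        name = parts[0].lower()
        # TestString 'expr' is compared case-insensitively here, to be conservative
        if name == "rewritecond" and len(parts) == 3 and parts[1].strip("\"'").lower() == "expr":
            pending.append((no, line))
        elif name == "rewriterule":
            found += [(n, cond, line) for n, cond in pending]
            pending = []
    return found + [(n, cond, None) for n, cond in pending]

def exposed(banner, text):
    """Findings matter only when the running server is the affected release."""
    return audit(text) if server_version(banner) == AFFECTED else []
```

Each reported rule is one whose `expr` guard would be treated as true on 2.4.64, so those are the rules to review for access-control or routing impact before and after upgrading to 2.4.65.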

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | httpd | Not affected | | |
| Red Hat Enterprise Linux 6 | httpd | Not affected | | |
| Red Hat Enterprise Linux 7 | httpd | Not affected | | |
| Red Hat Enterprise Linux 8 | httpd:2.4/httpd | Not affected | | |
| Red Hat Enterprise Linux 9 | httpd | Not affected | | |
| Red Hat JBoss Core Services | httpd | Not affected | | |
| Red Hat JBoss Core Services | jbcs-httpd24-httpd | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-253
https://bugzilla.redhat.com/show_bug.cgi?id=2383014 - httpd: Apache HTTP Server logic flaw

CVSS3: 4.8 Medium

Related vulnerabilities

CVSS3: 6.3
ubuntu
4 months ago

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

CVSS3: 6.3
nvd
4 months ago

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.

CVSS3: 6.3
msrc
3 months ago

Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64

CVSS3: 6.3
debian
4 months ago

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr .. ...

CVSS3: 6.3
github
4 months ago

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.