Описание
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | pending | 2.4.66-2ubuntu1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | needs-triage | |
| esm-infra/xenial | needs-triage | |
| jammy | released | 2.4.52-1ubuntu4.18 |
| noble | released | 2.4.58-1ubuntu8.10 |
| plucky | ignored | end of life, was needs-triage |
| questing | released | 2.4.64-1ubuntu3.2 |
| upstream | released | 2.4.66 |
Показывать по
6.5 Medium
CVSS3
Связанные уязвимости
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.
Apache HTTP Server: CGI environment variable override
Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.
Уязвимость веб-сервера Apache HTTP Server, связанная с непринятием мер по нейтрализации специальных управляющих элементов, позволяющая нарушителю оказать влияние на конфиденциальность и целостность защищаемой информации
6.5 Medium
CVSS3