Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:apk/alpine/apache2@2.4.66-r0?arch=x86&distroversion=v3.22&reponame=main
purl pkg:apk/alpine/apache2@2.4.66-r0?arch=x86&distroversion=v3.22&reponame=main
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-2d8p-bbc1-hkfa Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue. CVE-2025-58098
VCID-fsh3-7b9j-dfgf Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue. CVE-2025-65082
VCID-pru9-2rza-qycd Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue. CVE-2025-59775
VCID-td8g-tmny-jyaa An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue. CVE-2025-55753
VCID-varh-ysfr-euc8 mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue. CVE-2025-66200

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-08T06:23:52.099425+00:00 Alpine Linux Importer Fixing VCID-varh-ysfr-euc8 https://secdb.alpinelinux.org/v3.22/main.json 38.1.0
2026-04-06T04:50:11.875182+00:00 Alpine Linux Importer Fixing VCID-pru9-2rza-qycd https://secdb.alpinelinux.org/v3.22/main.json 38.1.0
2026-04-03T17:56:01.678770+00:00 Alpine Linux Importer Fixing VCID-fsh3-7b9j-dfgf https://secdb.alpinelinux.org/v3.22/main.json 38.1.0
2026-04-01T19:11:44.133526+00:00 Alpine Linux Importer Fixing VCID-td8g-tmny-jyaa https://secdb.alpinelinux.org/v3.22/main.json 38.0.0
2026-04-01T19:09:37.160940+00:00 Alpine Linux Importer Fixing VCID-2d8p-bbc1-hkfa https://secdb.alpinelinux.org/v3.22/main.json 38.0.0