VulnerableCode Package Details - pkg:rpm/redhat/httpd@2.4.63-4.el10

Search for packages

Vulnerability	Summary	Fixed by
VCID-2d8p-bbc1-hkfa Aliases: CVE-2025-58098	Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.	There are no reported fixed by versions.
VCID-fsh3-7b9j-dfgf Aliases: CVE-2025-65082	Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.	There are no reported fixed by versions.
VCID-varh-ysfr-euc8 Aliases: CVE-2025-66200	mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2d8p-bbc1-hkfa
Aliases:
CVE-2025-58098

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

There are no reported fixed by versions.

VCID-fsh3-7b9j-dfgf
Aliases:
CVE-2025-65082

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

There are no reported fixed by versions.

VCID-varh-ysfr-euc8
Aliases:
CVE-2025-66200

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:34:13.150014+00:00	RedHat Importer	Affected by	VCID-fsh3-7b9j-dfgf	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65082.json	38.0.0
2026-04-01T13:34:13.063584+00:00	RedHat Importer	Affected by	VCID-varh-ysfr-euc8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66200.json	38.0.0
2026-04-01T13:34:12.788615+00:00	RedHat Importer	Affected by	VCID-2d8p-bbc1-hkfa	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58098.json	38.0.0