CVE-2025-58098
EUVD-2025-20140805.12.2025, 14:15
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 𝑥 < 2.4.66 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| apache2 |
| ||||||||||||||||||||
| apache2-devel |
| ||||||||||||||||||||
| apache2-doc |
| ||||||||||||||||||||
| apache2-example-pages |
| ||||||||||||||||||||
| apache2-prefork |
| ||||||||||||||||||||
| apache2-tls13 |
| ||||||||||||||||||||
| apache2-tls13-devel |
| ||||||||||||||||||||
| apache2-tls13-doc |
| ||||||||||||||||||||
| apache2-tls13-example-pages |
| ||||||||||||||||||||
| apache2-tls13-prefork |
| ||||||||||||||||||||
| apache2-tls13-utils |
| ||||||||||||||||||||
| apache2-tls13-worker |
| ||||||||||||||||||||
| apache2-utils |
| ||||||||||||||||||||
| apache2-worker |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration