vulnerability
Oracle Linux: CVE-2025-58098: ELSA-2025-23732: httpd:2.4 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:S/C:C/I:C/A:P) | Dec 5, 2025 | Dec 24, 2025 | Jan 15, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:P)
Published
Dec 5, 2025
Added
Dec 24, 2025
Modified
Jan 15, 2026
Description
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives.
This issue affects Apache HTTP Server before 2.4.66.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
This issue affects Apache HTTP Server before 2.4.66.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Solutions
oracle-linux-upgrade-httpdoracle-linux-upgrade-httpd-coreoracle-linux-upgrade-httpd-develoracle-linux-upgrade-httpd-filesystemoracle-linux-upgrade-httpd-manualoracle-linux-upgrade-httpd-toolsoracle-linux-upgrade-mod-http2oracle-linux-upgrade-mod-ldaporacle-linux-upgrade-mod-luaoracle-linux-upgrade-mod-mdoracle-linux-upgrade-mod-proxy-htmloracle-linux-upgrade-mod-sessionoracle-linux-upgrade-mod-ssl
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.