vulnerability
Oracle Linux: CVE-2025-65082: ELSA-2025-23732: httpd:2.4 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | Dec 5, 2025 | Dec 24, 2025 | Dec 29, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Dec 5, 2025
Added
Dec 24, 2025
Modified
Dec 29, 2025
Description
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.
This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.
Users are recommended to upgrade to version 2.4.66 which fixes the issue.
This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.
Users are recommended to upgrade to version 2.4.66 which fixes the issue.
Solutions
oracle-linux-upgrade-httpdoracle-linux-upgrade-httpd-coreoracle-linux-upgrade-httpd-develoracle-linux-upgrade-httpd-filesystemoracle-linux-upgrade-httpd-manualoracle-linux-upgrade-httpd-toolsoracle-linux-upgrade-mod-http2oracle-linux-upgrade-mod-ldaporacle-linux-upgrade-mod-luaoracle-linux-upgrade-mod-mdoracle-linux-upgrade-mod-proxy-htmloracle-linux-upgrade-mod-sessionoracle-linux-upgrade-mod-ssl
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.