[CIVN-2025-0373] Multiple Vulnerabilities in Apache HTTP Server

Published On: December 18, 2025

Multiple Vulnerabilities in Apache HTTP Server 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
Apache HTTP Server versions prior to 2.4.66
Overview
Multiple vulnerabilities have been reported in Apache HTTP Server which could be exploited by a remote attacker to bypass security restrictions, disclose sensitive information and cause a denial of service (DoS) condition on the targeted system.
Target Audience:
System administrators, DevOps teams and organizations managing Apache HTTP Server.
Risk Assessment:
High risk of unauthorized access to sensitive data, bypass of security controls, or disruption of services.
Impact Assessment:
Potential for sensitive information disclosure, system compromise or service disruption.
Description
Apache HTTP Server is an open-source web server platform widely used for hosting web applications and websites, known for its reliability, performance, and cross-platform support.
Multiple vulnerabilities exist in Apache HTTP Server due to an integer overflow issue, a flaw in which Server Side Includes adds the query string to #exec cmd='...' directives, a flaw when AllowEncodedSlashes is on and MergeSlashes is off, improper neutralization of escape, meta, or control sequences, and a mod_userdir+suexec bypass flaw.
Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, disclose sensitive information and cause a denial of service (DoS) condition on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://httpd.apache.org/security/vulnerabilities_24.html
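The following Python script is an added example, not part of the CERT-In advisory or the Apache project. It triages a host on the two points the advisory names: whether the reported version is older than 2.4.66, and whether a configuration combines AllowEncodedSlashes On with MergeSlashes Off. The sample banner and configuration are constructed, and the rule that a virtual host inherits global settings unless it overrides them is a simplifying assumption about httpd's merge behaviour.

```python
import re

FIXED = (2, 4, 66)  # first unaffected release named in the advisory
DEFAULTS = {"allowencodedslashes": "off", "mergeslashes": "on"}  # httpd defaults

def parse_httpd_version(banner):
    """Pull (major, minor, patch) out of `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(map(int, m.groups())) if m else None

def is_affected(version):
    """True when the version is below 2.4.66; an unparsed version returns False."""
    return version is not None and version < FIXED

def slash_findings(conf_text):
    """List scopes where AllowEncodedSlashes On meets MergeSlashes Off."""
    explicit = {"global": {}}
    scope = "global"
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            scope = f"vhost {opened.group(1).strip()} (line {n})"
            explicit[scope] = {}
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            scope = "global"
        else:
            parts = line.split()
            if len(parts) >= 2 and parts[0].lower() in DEFAULTS:
                explicit[scope][parts[0].lower()] = parts[1].strip("\"'").lower()
    findings = []
    for name, own in explicit.items():
        # Assumption: a vhost inherits global settings unless it overrides them.
        effective = {**DEFAULTS, **explicit["global"], **own}
        if effective["allowencodedslashes"] == "on" and effective["mergeslashes"] == "off":
            findings.append(name)
    return findings

# Constructed sample input, not taken from any real host.
SAMPLE_BANNER = "Server version: Apache/2.4.65 (Unix)"
SAMPLE_CONF = ("# constructed sample\nMergeSlashes Off\n<VirtualHost *:80>\n"
               "  ServerName a.example\n  AllowEncodedSlashes On\n</VirtualHost>\n"
               "<VirtualHost *:443>\n  AllowEncodedSlashes NoDecode\n</VirtualHost>\n")

if __name__ == "__main__":
    v = parse_httpd_version(SAMPLE_BANNER)
    print("version", v, "affected:", is_affected(v))
    for s in slash_findings(SAMPLE_CONF):
        print("review slash handling in", s)
```

Distribution packages may backport fixes without changing the upstream version string, so confirm an "affected" result against the package changelog before acting on it.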
Vendor Information
Apache HTTP Server
https://httpd.apache.org/security/vulnerabilities_24.html
References
Apache HTTP Server
https://httpd.apache.org/security/vulnerabilities_24.html
CVE Name
CVE-2025-55753
CVE-2025-58098
CVE-2025-59775
CVE-2025-65082
CVE-2025-66200
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
