BIT-apache-2025-65082

Import Source
https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2025-65082.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-apache-2025-65082
Aliases
Published
2025-12-09T11:38:18.501Z
Modified
2025-12-09T12:27:54.885861Z
Summary
Apache HTTP Server: CGI environment variable override
Details

An Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server: environment variables set via the Apache configuration unexpectedly supersede variables calculated by the server for CGI programs.

This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.

Users are recommended to upgrade to version 2.4.66 which fixes the issue.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / apache

Package

Name
apache
Purl
pkg:bitnami/apache

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected ranges

Type
SEMVER
Events
Introduced
2.4.0
Fixed
2.4.66

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2025-65082.json"