UBUNTU-CVE-2025-65082
- Source
- https://ubuntu.com/security/CVE-2025-65082
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-65082.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-65082
- Upstream
- Published
- 2025-12-05T11:15:00Z
- Modified
- 2025-12-11T08:45:52.030157Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.
- References
Affected packages
Ubuntu:22.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.16?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.48-3.1ubuntu3
2.4.48-3.1ubuntu4
2.4.51-2ubuntu1
2.4.52-1ubuntu1
2.4.52-1ubuntu2
2.4.52-1ubuntu4
2.4.52-1ubuntu4.1
2.4.52-1ubuntu4.2
2.4.52-1ubuntu4.3
2.4.52-1ubuntu4.4
2.4.52-1ubuntu4.5
2.4.52-1ubuntu4.6
2.4.52-1ubuntu4.7
2.4.52-1ubuntu4.8
2.4.52-1ubuntu4.9
2.4.52-1ubuntu4.10
2.4.52-1ubuntu4.11
2.4.52-1ubuntu4.12
2.4.52-1ubuntu4.13
2.4.52-1ubuntu4.14
2.4.52-1ubuntu4.15
2.4.52-1ubuntu4.16
Ecosystem specific
{
"priority_reason": "Apache developers have rated this as being low severity",
"binaries": [
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "apache2"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "libapache2-mod-md"
},
{
"binary_version": "2.4.52-1ubuntu4.16",
"binary_name": "libapache2-mod-proxy-uwsgi"
}
]
}Ubuntu:24.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.58-1ubuntu8.8?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.57-2ubuntu2
2.4.57-2ubuntu3
2.4.58-1ubuntu1
2.4.58-1ubuntu2
2.4.58-1ubuntu6
2.4.58-1ubuntu7
2.4.58-1ubuntu8
2.4.58-1ubuntu8.1
2.4.58-1ubuntu8.2
2.4.58-1ubuntu8.3
2.4.58-1ubuntu8.4
2.4.58-1ubuntu8.5
2.4.58-1ubuntu8.6
2.4.58-1ubuntu8.7
2.4.58-1ubuntu8.8
Ecosystem specific
{
"priority_reason": "Apache developers have rated this as being low severity",
"binaries": [
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "apache2"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "libapache2-mod-md"
},
{
"binary_version": "2.4.58-1ubuntu8.8",
"binary_name": "libapache2-mod-proxy-uwsgi"
}
]
}Ubuntu:25.04
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.63-1ubuntu1.1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"priority_reason": "Apache developers have rated this as being low severity",
"binaries": [
{
"binary_version": "2.4.63-1ubuntu1.1",
"binary_name": "apache2"
},
{
"binary_version": "2.4.63-1ubuntu1.1",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.63-1ubuntu1.1",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.63-1ubuntu1.1",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.63-1ubuntu1.1",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.63-1ubuntu1.1",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.63-1ubuntu1.1",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.63-1ubuntu1.1",
"binary_name": "apache2-utils"
}
]
}Ubuntu:25.10
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.64-1ubuntu3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"priority_reason": "Apache developers have rated this as being low severity",
"binaries": [
{
"binary_version": "2.4.64-1ubuntu3",
"binary_name": "apache2"
},
{
"binary_version": "2.4.64-1ubuntu3",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.64-1ubuntu3",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.64-1ubuntu3",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.64-1ubuntu3",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.64-1ubuntu3",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.64-1ubuntu3",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.64-1ubuntu3",
"binary_name": "apache2-utils"
}
]
}Ubuntu:Pro:14.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm10?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
2.4.7-1ubuntu4.20
2.4.7-1ubuntu4.21
2.4.7-1ubuntu4.22
2.4.7-1ubuntu4.22+esm1
2.4.7-1ubuntu4.22+esm2
2.4.7-1ubuntu4.22+esm3
2.4.7-1ubuntu4.22+esm4
2.4.7-1ubuntu4.22+esm5
2.4.7-1ubuntu4.22+esm6
2.4.7-1ubuntu4.22+esm8
2.4.7-1ubuntu4.22+esm9
2.4.7-1ubuntu4.22+esm10
Ecosystem specific
{
"priority_reason": "Apache developers have rated this as being low severity",
"binaries": [
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-mpm-event"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-mpm-itk"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-mpm-prefork"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-mpm-worker"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-suexec"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm10",
"binary_name": "apache2.2-bin"
},
{
"binary_version": "1:2.4.7-1ubuntu4.22+esm10",
"binary_name": "libapache2-mod-macro"
},
{
"binary_version": "1:2.4.7-1ubuntu4.22+esm10",
"binary_name": "libapache2-mod-proxy-html"
}
]
}Ubuntu:Pro:16.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm16?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
2.4.18-2ubuntu3.8
2.4.18-2ubuntu3.9
2.4.18-2ubuntu3.10
2.4.18-2ubuntu3.12
2.4.18-2ubuntu3.13
2.4.18-2ubuntu3.14
2.4.18-2ubuntu3.15
2.4.18-2ubuntu3.17
2.4.18-2ubuntu3.17+esm1
2.4.18-2ubuntu3.17+esm2
2.4.18-2ubuntu3.17+esm3
2.4.18-2ubuntu3.17+esm4
2.4.18-2ubuntu3.17+esm5
2.4.18-2ubuntu3.17+esm6
2.4.18-2ubuntu3.17+esm7
2.4.18-2ubuntu3.17+esm8
2.4.18-2ubuntu3.17+esm9
2.4.18-2ubuntu3.17+esm10
2.4.18-2ubuntu3.17+esm11
2.4.18-2ubuntu3.17+esm12
2.4.18-2ubuntu3.17+esm13
2.4.18-2ubuntu3.17+esm14
2.4.18-2ubuntu3.17+esm16
Ecosystem specific
{
"priority_reason": "Apache developers have rated this as being low severity",
"binaries": [
{
"binary_version": "2.4.18-2ubuntu3.17+esm16",
"binary_name": "apache2"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm16",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm16",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm16",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm16",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm16",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm16",
"binary_name": "apache2-utils"
}
]
}Ubuntu:Pro:18.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.27+esm6?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
2.4.29-1ubuntu4.1
2.4.29-1ubuntu4.2
2.4.29-1ubuntu4.3
2.4.29-1ubuntu4.4
2.4.29-1ubuntu4.5
2.4.29-1ubuntu4.6
2.4.29-1ubuntu4.7
2.4.29-1ubuntu4.8
2.4.29-1ubuntu4.10
2.4.29-1ubuntu4.11
2.4.29-1ubuntu4.12
2.4.29-1ubuntu4.13
2.4.29-1ubuntu4.14
2.4.29-1ubuntu4.16
2.4.29-1ubuntu4.17
2.4.29-1ubuntu4.18
2.4.29-1ubuntu4.19
2.4.29-1ubuntu4.20
2.4.29-1ubuntu4.21
2.4.29-1ubuntu4.22
2.4.29-1ubuntu4.23
2.4.29-1ubuntu4.24
2.4.29-1ubuntu4.25
2.4.29-1ubuntu4.26
2.4.29-1ubuntu4.27
2.4.29-1ubuntu4.27+esm1
2.4.29-1ubuntu4.27+esm2
2.4.29-1ubuntu4.27+esm3
2.4.29-1ubuntu4.27+esm4
2.4.29-1ubuntu4.27+esm6
Ecosystem specific
{
"priority_reason": "Apache developers have rated this as being low severity",
"binaries": [
{
"binary_version": "2.4.29-1ubuntu4.27+esm6",
"binary_name": "apache2"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm6",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm6",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm6",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm6",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm6",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm6",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm6",
"binary_name": "apache2-utils"
}
]
}Ubuntu:Pro:20.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.23+esm2?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.41-1ubuntu1
2.4.41-4ubuntu1
2.4.41-4ubuntu2
2.4.41-4ubuntu3
2.4.41-4ubuntu3.1
2.4.41-4ubuntu3.3
2.4.41-4ubuntu3.4
2.4.41-4ubuntu3.5
2.4.41-4ubuntu3.6
2.4.41-4ubuntu3.7
2.4.41-4ubuntu3.8
2.4.41-4ubuntu3.9
2.4.41-4ubuntu3.10
2.4.41-4ubuntu3.11
2.4.41-4ubuntu3.12
2.4.41-4ubuntu3.13
2.4.41-4ubuntu3.14
2.4.41-4ubuntu3.15
2.4.41-4ubuntu3.16
2.4.41-4ubuntu3.17
2.4.41-4ubuntu3.19
2.4.41-4ubuntu3.20
2.4.41-4ubuntu3.21
2.4.41-4ubuntu3.23
2.4.41-4ubuntu3.23+esm2
Ecosystem specific
{
"priority_reason": "Apache developers have rated this as being low severity",
"binaries": [
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "apache2"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "apache2-dev"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "apache2-ssl-dev"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "libapache2-mod-md"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm2",
"binary_name": "libapache2-mod-proxy-uwsgi"
}
]
}