{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"httpd security update", "category":"general", "title":"Synopsis" }, { "text":"An update for httpd is now available for openEuler-24.03-LTS-SP2", "category":"general", "title":"Summary" }, { "text":"Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nAn integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures (~30 days in default configurations), the backoff timer becomes 0. Certificate renewal attempts are then repeated without delays until successful. This issue affects confidentiality, integrity, and availability.(CVE-2025-55753)\n\nApache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd=\"...\" directives.\n\nThis issue affects Apache HTTP Server before 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.(CVE-2025-58098)\n\nImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.\n\nThis issue affects Apache HTTP Server from 2.4.0 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66 which fixes the issue.(CVE-2025-65082)\n\nmod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.\n\nThis issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.(CVE-2025-66200)", "category":"general", "title":"Description" }, { "text":"An update for httpd is now available for openEuler-24.03-LTS-SP2.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"httpd", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1593", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1593" }, { "summary":"CVE-2025-55753", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-55753&packageName=httpd" }, { "summary":"CVE-2025-58098", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-58098&packageName=httpd" }, { "summary":"CVE-2025-65082", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-65082&packageName=httpd" }, { "summary":"CVE-2025-66200", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-66200&packageName=httpd" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55753" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58098" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65082" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66200" }, { "summary":"openEuler-SA-2026-1593 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1593.json" } ], "title":"An update for httpd is now available for openEuler-24.03-LTS-SP2", "tracking":{ "initial_release_date":"2026-03-15T13:56:25+08:00", "revision_history":[ { "date":"2026-03-15T13:56:25+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-03-15T13:56:25+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-03-15T13:56:25+08:00", "id":"openEuler-SA-2026-1593", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"openEuler-24.03-LTS-SP2", "name":"openEuler-24.03-LTS-SP2" }, "name":"openEuler-24.03-LTS-SP2", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-filesystem-2.4.58-12.oe2403sp2.noarch.rpm", "name":"httpd-filesystem-2.4.58-12.oe2403sp2.noarch.rpm" }, "name":"httpd-filesystem-2.4.58-12.oe2403sp2.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-help-2.4.58-12.oe2403sp2.noarch.rpm", "name":"httpd-help-2.4.58-12.oe2403sp2.noarch.rpm" }, "name":"httpd-help-2.4.58-12.oe2403sp2.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"httpd-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"httpd-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-debuginfo-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"httpd-debuginfo-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"httpd-debuginfo-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-debugsource-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"httpd-debugsource-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"httpd-debugsource-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-devel-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"httpd-devel-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"httpd-devel-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-tools-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"httpd-tools-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"httpd-tools-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_ldap-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"mod_ldap-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"mod_ldap-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_md-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"mod_md-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"mod_md-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_proxy_html-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"mod_proxy_html-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"mod_proxy_html-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_session-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"mod_session-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"mod_session-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_ssl-2.4.58-12.oe2403sp2.aarch64.rpm", "name":"mod_ssl-2.4.58-12.oe2403sp2.aarch64.rpm" }, "name":"mod_ssl-2.4.58-12.oe2403sp2.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-2.4.58-12.oe2403sp2.src.rpm", "name":"httpd-2.4.58-12.oe2403sp2.src.rpm" }, "name":"httpd-2.4.58-12.oe2403sp2.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"httpd-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"httpd-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-debuginfo-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"httpd-debuginfo-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"httpd-debuginfo-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-debugsource-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"httpd-debugsource-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"httpd-debugsource-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-devel-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"httpd-devel-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"httpd-devel-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"httpd-tools-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"httpd-tools-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"httpd-tools-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_ldap-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"mod_ldap-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"mod_ldap-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_md-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"mod_md-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"mod_md-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_proxy_html-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"mod_proxy_html-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"mod_proxy_html-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_session-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"mod_session-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"mod_session-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"mod_ssl-2.4.58-12.oe2403sp2.x86_64.rpm", "name":"mod_ssl-2.4.58-12.oe2403sp2.x86_64.rpm" }, "name":"mod_ssl-2.4.58-12.oe2403sp2.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-filesystem-2.4.58-12.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-filesystem-2.4.58-12.oe2403sp2.noarch", "name":"httpd-filesystem-2.4.58-12.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-help-2.4.58-12.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-help-2.4.58-12.oe2403sp2.noarch", "name":"httpd-help-2.4.58-12.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-2.4.58-12.oe2403sp2.aarch64", "name":"httpd-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-debuginfo-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-debuginfo-2.4.58-12.oe2403sp2.aarch64", "name":"httpd-debuginfo-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-debugsource-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-debugsource-2.4.58-12.oe2403sp2.aarch64", "name":"httpd-debugsource-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-devel-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-devel-2.4.58-12.oe2403sp2.aarch64", "name":"httpd-devel-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-tools-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-tools-2.4.58-12.oe2403sp2.aarch64", "name":"httpd-tools-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_ldap-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_ldap-2.4.58-12.oe2403sp2.aarch64", "name":"mod_ldap-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_md-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_md-2.4.58-12.oe2403sp2.aarch64", "name":"mod_md-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_proxy_html-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_proxy_html-2.4.58-12.oe2403sp2.aarch64", "name":"mod_proxy_html-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_session-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_session-2.4.58-12.oe2403sp2.aarch64", "name":"mod_session-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_ssl-2.4.58-12.oe2403sp2.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_ssl-2.4.58-12.oe2403sp2.aarch64", "name":"mod_ssl-2.4.58-12.oe2403sp2.aarch64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-2.4.58-12.oe2403sp2.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-2.4.58-12.oe2403sp2.src", "name":"httpd-2.4.58-12.oe2403sp2.src as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-2.4.58-12.oe2403sp2.x86_64", "name":"httpd-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-debuginfo-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-debuginfo-2.4.58-12.oe2403sp2.x86_64", "name":"httpd-debuginfo-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-debugsource-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-debugsource-2.4.58-12.oe2403sp2.x86_64", "name":"httpd-debugsource-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-devel-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-devel-2.4.58-12.oe2403sp2.x86_64", "name":"httpd-devel-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"httpd-tools-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:httpd-tools-2.4.58-12.oe2403sp2.x86_64", "name":"httpd-tools-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_ldap-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_ldap-2.4.58-12.oe2403sp2.x86_64", "name":"mod_ldap-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_md-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_md-2.4.58-12.oe2403sp2.x86_64", "name":"mod_md-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_proxy_html-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_proxy_html-2.4.58-12.oe2403sp2.x86_64", "name":"mod_proxy_html-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_session-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_session-2.4.58-12.oe2403sp2.x86_64", "name":"mod_session-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"mod_ssl-2.4.58-12.oe2403sp2.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:mod_ssl-2.4.58-12.oe2403sp2.x86_64", "name":"mod_ssl-2.4.58-12.oe2403sp2.x86_64 as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-55753", "notes":[ { "text":"An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures (~30 days in default configurations), the backoff timer becomes 0. Certificate renewal attempts are then repeated without delays until successful. This issue affects confidentiality, integrity, and availability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP2:httpd-filesystem-2.4.58-12.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:httpd-help-2.4.58-12.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:httpd-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:httpd-debuginfo-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:httpd-debugsource-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:httpd-devel-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:httpd-tools-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:mod_ldap-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:mod_md-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:mod_proxy_html-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:mod_session-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:mod_ssl-2.4.58-12.oe2403sp2.aarch64", "openEuler-24.03-LTS-SP2:httpd-2.4.58-12.oe2403sp2.src", "openEuler-24.03-LTS-SP2:httpd-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:httpd-debuginfo-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:httpd-debugsource-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:httpd-devel-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:httpd-tools-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:mod_ldap-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:mod_md-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:mod_proxy_html-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:mod_session-2.4.58-12.oe2403sp2.x86_64", "openEuler-24.03-LTS-SP2:mod_ssl-2.4.58-12.oe2403sp2.x86_64" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"httpd security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1593" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-55753" }, { "cve":"CVE-2025-58098", "notes":[ { "text":"Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd=\"...\" directives.\n\nThis issue affects Apache HTTP Server before 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"httpd security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1593" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-58098" }, { "cve":"CVE-2025-65082", "notes":[ { "text":"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.\n\nThis issue affects Apache HTTP Server from 2.4.0 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66 which fixes the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"httpd security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1593" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-65082" }, { "cve":"CVE-2025-66200", "notes":[ { "text":"mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.\n\nThis issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"httpd security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1593" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.4, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-66200" } ] }