Detections
Analytics

openSUSE 16 Security Update : apache2 (openSUSE-SU-2026:20810-1)

critical Nessus Plugin ID 317698

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20810-1 advisory.

 Changes in apache2:

 Version update to 2.4.66 (jsc#PED-16181)

 *) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo.
 mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.
 This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.
 *) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment variable override.
 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.
 This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.
 *) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF.
 Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content
 *) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
 Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd=... directives.
 This issue affects Apache HTTP Server before 2.4.66.
 *) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME), unintended retry intervals An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.
 This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.
 *) mod_http2: Fix handling of 304 responses from mod_cache.
 *) mod_http2/mod_proxy_http2: fix a bug in calculating the log2 value of integers, used in push diaries and proxy window size calculations.
 *) mod_md: update to version 2.6.5
 - New directive `MDInitialDelay`, controlling how longer to wait after a server restart before checking certificates for renewal.
 [Michael Kaufmann]
 - Hardening: when build with OpenSSL older than 1.0.2 or old libressl versions, the parsing of ASN.1 time strings did not do a length check.
 - Hardening: when reading back OCSP responses stored in the local JSON store, missing 'valid' key led to uninitialized values, resulting in wrong refresh behaviour.
 *) mod_md: update to version 2.6.6
 - Fix a small memory leak when using OpenSSL's BIGNUMs.
 - Fix reuse of curl easy handles by resetting them.
 *) mod_http2: update to version 2.0.35 New directive `H2MaxStreamErrors` to control how much bad behaviour by clients is tolerated before the connection is closed.
 *) mod_proxy_http2: add support for ProxyErrorOverride directive.
 *) mpm_common: Add new ListenTCPDeferAccept directive that allows to specify the value set for the TCP_DEFER_ACCEPT socket option on listen sockets.
 *) mod_ssl: Add SSLVHostSNIPolicy directive to control the virtual host compatibility policy.
 *) mod_md: update to version 2.6.2
 - Fix error retry delay calculation to not already doubling the wait on the first error.
 *) mod_md: update to version 2.6.1
 - Increasing default `MDRetryDelay` to 30 seconds to generate less bursty traffic on errored renewals for the ACME CA. This leads to error retries of 30s, 1 minute, 2, 4, etc. up to daily attempts.
 - Checking that configuring `MDRetryDelay` will result in a positive duration. A delay of 0 is not accepted.
 - Fix a bug in checking Content-Type of responses from the ACME server.
 - Added ACME ARI support (rfc9773) to the module. Enabled by default. New directive MDRenewViaARI on|off for controlling this.
 - Removing tailscale support. It has not been working for a long time as the company decided to change their APIs. Away with the dead code, documentation and tests.
 - Fixed a compilation issue with pre-industrial versions of libcurl.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://www.suse.com/security/cve/CVE-2024-42516

https://www.suse.com/security/cve/CVE-2024-43204

https://www.suse.com/security/cve/CVE-2024-47252

https://www.suse.com/security/cve/CVE-2025-23048

https://www.suse.com/security/cve/CVE-2025-49630

https://www.suse.com/security/cve/CVE-2025-49812

https://www.suse.com/security/cve/CVE-2025-53020

https://www.suse.com/security/cve/CVE-2025-55753

https://www.suse.com/security/cve/CVE-2025-58098

https://www.suse.com/security/cve/CVE-2025-59775

https://www.suse.com/security/cve/CVE-2025-65082

https://www.suse.com/security/cve/CVE-2025-66200

Plugin Details

Severity: Critical

ID: 317698

File Name: openSUSE-2026-20810-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 5/29/2026

Updated: 5/29/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-23048

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:apache2-devel, p-cpe:/a:novell:opensuse:apache2-manual, cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:apache2-prefork, p-cpe:/a:novell:opensuse:apache2-worker, p-cpe:/a:novell:opensuse:apache2-utils, p-cpe:/a:novell:opensuse:apache2, p-cpe:/a:novell:opensuse:apache2-event

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2026

Vulnerability Publication Date: 2/12/2025

Reference Information

CVE: CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048, CVE-2025-49630, CVE-2025-49812, CVE-2025-53020, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200

IAVA: 2025-A-0508-S, 2025-A-0889-S