Apache 2.4.x < 2.4.66 Multiple Vulnerabilities

high Web App Scanning Plugin ID 115071

Synopsis

Apache 2.4.x < 2.4.66 Multiple Vulnerabilities

Description

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.66. It is, therefore, affected by multiple vulnerabilities:

- Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off potentially allows NTLM hashes to be leaked to a malicious server via SSRF and malicious requests or content. (CVE-2025-59775)

- A security bypass vulnerability exists involving the interaction between mod_userdir and suexec. Users with access to use the RequestHeader directive in .htaccess via AllowOverride FileInfo can bypass restrictions and cause some CGI scripts to run under an unexpected userid. (CVE-2025-66200)

- An integer overflow in mod_md (ACME) in Apache HTTP Server allows for unintended retry intervals. In the case of failed ACME certificate renewal, the backoff timer can become 0, causing attempts to renew the certificate to repeat without delays (infinite loop) until success. (CVE-2025-55753)

- A vulnerability in mod_cgid allows for the injection of query strings into command executions. Apache HTTP Server with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. (CVE-2025-58098)

- Improper Neutralization of Escape, Meta, or Control Sequences in Apache HTTP Server allows environment variables set via the Apache configuration to unexpectedly supersede variables calculated by the server for CGI programs. (CVE-2025-65082)

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
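Because the finding rests on the banner alone, a configuration review shows which of the listed issues a given host can actually reach. The Python check below is an added example, not part of the plugin or of Apache's advisory: it flags the directive combinations the description names for four of the five CVEs (CVE-2025-65082 is not covered). The function name, the constructed sample configuration and the LoadModule identifiers `cgid_module`, `userdir_module` and `md_module` are assumptions of the example, not values from this page.

```python
SAMPLE = """\
# constructed sample configuration, not taken from a real host
LoadModule cgid_module modules/mod_cgid.so
LoadModule userdir_module modules/mod_userdir.so
AllowEncodedSlashes On
MergeSlashes Off
<Directory "/home/*/public_html">
    AllowOverride FileInfo
    Options +Includes
</Directory>
"""

def audit_httpd_config(text):
    """Return the CVE ids whose preconditions, as the advisory words them, appear.

    Line-oriented heuristic: Include files, <IfModule> blocks and per-directory
    scoping are ignored, so a hit means "review this host", not "vulnerable".
    """
    directives, modules = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":      # skip blanks, comments, section tags
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        args = parts[1].lower().split() if len(parts) > 1 else []
        if name == "loadmodule" and args:
            modules.add(args[0])              # e.g. "cgid_module"
        else:
            directives.setdefault(name, []).extend(args)

    def has(directive, *values):
        return any(v in directives.get(directive, []) for v in values)

    hits = []
    if has("allowencodedslashes", "on") and has("mergeslashes", "off"):
        hits.append("CVE-2025-59775")         # only relevant on Windows hosts
    if "userdir_module" in modules and has("allowoverride", "fileinfo", "all"):
        hits.append("CVE-2025-66200")         # .htaccess may use RequestHeader
    if "md_module" in modules:
        hits.append("CVE-2025-55753")         # mod_md (ACME) in use
    if "cgid_module" in modules and has("options", "includes", "+includes"):
        hits.append("CVE-2025-58098")         # SSI with #exec served via mod_cgid
    return sorted(hits)

if __name__ == "__main__":
    print(audit_httpd_config(SAMPLE))
```

A hit only helps prioritise hosts; the fix for every item remains the upgrade to 2.4.66 or later.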

Solution

Upgrade to Apache version 2.4.66 or later.

See Also

https://archive.apache.org/dist/httpd/CHANGES_2.4.66

https://httpd.apache.org/security/vulnerabilities_24.html#2.4.66

Plugin Details

Severity: High

ID: 115071

Type: remote

Published: 12/8/2025

Updated: 12/8/2025

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P

CVSS Score Source: CVE-2025-58098

CVSS v3

Risk Factor: High

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CVSS Score Source: CVE-2025-58098

Vulnerability Information

CPE: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/3/2025

Reference Information

CVE: CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200

CWE: 150, 190, 201, 288, 305, 918

OWASP: 2010-A3, 2010-A4, 2010-A6, 2013-A2, 2013-A4, 2013-A5, 2013-A9, 2017-A2, 2017-A5, 2017-A6, 2017-A9, 2021-A1, 2021-A10, 2021-A6, 2021-A7

WASC: Application Misconfiguration, Improper Input Handling, Information Leakage, Insufficient Authentication, Integer Overflows

CAPEC: 100, 114, 115, 116, 13, 151, 169, 194, 22, 224, 230, 231, 285, 287, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 312, 313, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 472, 497, 508, 57, 573, 574, 575, 576, 577, 59, 593, 60, 616, 633, 643, 646, 650, 651, 79, 92, 94

DISA STIG: APSC-DV-000460, APSC-DV-002560, APSC-DV-002590, APSC-DV-002630, APSC-DV-003235

HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)

ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5

NIST: sp800_53-AC-3, sp800_53-CM-6b, sp800_53-SI-10, sp800_53-SI-15, sp800_53-SI-16

OWASP API: 2019-API7, 2023-API7, 2023-API8

OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.2.6, 4.0.2-8.3.4

PCI-DSS: 3.2-6.2, 3.2-6.5, 3.2-6.5.10, 3.2-6.5.2, 3.2-6.5.8, 3.2-6.5.9