CNNVD-202512-682 Information
CNNVD ID
CNNVD-202512-682
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.66之前版本存在安全漏洞,该漏洞源于mod_cgid将shell转义的查询字符串传递给exec cmd指令,可能导致命令注入。
Description (English)
Apache HTTP Server is an open-source web server of the Apache Foundation in the United States. The server has a fast, reliable character and can be expanded through a simple API. A security loophole existed in the previous version of Apache HTTP Server 2.4.66, which originated from the transfer of the search string converted by the shell to exec cmd, which could lead to the injection of the command.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2025-12-05
Last Modified
2026-02-24
References
http://www.openwall.com/lists/oss-security/2025/12/04/5 https://vigilance.fr/vulnerability/Apache- https://www.oracle.com/security-alerts/cpujan2026.html
Patch
https://httpd.apache.org/download.cgi
Share on: