CNNVD-202512-686 Information

CNNVD ID

CNNVD-202512-686

Related CVE

CVE-2025-66200

• CNNVD Published: 2025-12-05

Description (Chinese)

Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.7版本至2.4.65版本存在安全漏洞，该漏洞源于mod_userdir+suexec绕过，可能导致CGI脚本以意外用户身份运行。

Description (English)

Apache HTTP Server is an open-source web server of the Apache Foundation in the United States. The server has a fast, reliable character and can be expanded through a simple API. There is a security loophole between Appache HTTP Server 2.4.7 and 2.4.65, which originates from the mod userdir+suexec bypass, which may lead to CGI scripts operating as unexpected users.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-12-05

Last Modified

2026-02-24

References

http://www.openwall.com/lists/oss-security/2025/12/04/8 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66200

Patch

https://httpd.apache.org/download.cgi