5.4
CVE-2025-66200
- EPSS 0.04%
- Veröffentlicht 05.12.2025 11:02:25
- Zuletzt bearbeitet 10.12.2025 16:39:43
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 2.4.7 < 2.4.66
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.125 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.