Bugs fixes in "apache2"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2025-65082 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache co | 2026-01-19 |
| CVE | CVE-2025-58098 | Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to | 2026-01-19 |
| CVE | CVE-2025-55753 | An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the bac | 2026-01-19 |
| Launchpad | 2117112 | 421 Misdirected Request: apache2 regression | 2026-01-19 |
| Launchpad | 2119395 | CVE-2024-38474-regression.patch add an extra call to do_expand() | 2025-08-14 |
| Launchpad | 2119395 | CVE-2024-38474-regression.patch add an extra call to do_expand() | 2025-08-14 |
| Launchpad | 2119395 | CVE-2024-38474-regression.patch add an extra call to do_expand() | 2025-08-14 |
| Launchpad | 2119395 | CVE-2024-38474-regression.patch add an extra call to do_expand() | 2025-08-14 |
| Launchpad | 2119395 | CVE-2024-38474-regression.patch add an extra call to do_expand() | 2025-08-13 |
| Launchpad | 2119395 | CVE-2024-38474-regression.patch add an extra call to do_expand() | 2025-08-13 |
| Launchpad | 2119395 | CVE-2024-38474-regression.patch add an extra call to do_expand() | 2025-08-13 |
| Launchpad | 2119395 | CVE-2024-38474-regression.patch add an extra call to do_expand() | 2025-08-13 |
| CVE | CVE-2025-53020 | Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63 | 2025-07-16 |
| CVE | CVE-2025-49812 | In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker | 2025-07-16 |
| CVE | CVE-2025-49630 | In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untruste | 2025-07-16 |
| CVE | CVE-2025-23048 | In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 | 2025-07-16 |
| CVE | CVE-2024-47252 | Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape c | 2025-07-16 |
| CVE | CVE-2024-43204 | SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an | 2025-07-16 |
| CVE | CVE-2024-42516 | HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hos | 2025-07-16 |
| CVE | CVE-2025-53020 | Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63 | 2025-07-16 |
About
-
Send Feedback to @ubuntu_updates
