Bug 2419262 (CVE-2025-66200)
| Summary: | CVE-2025-66200 httpd: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | csutherl, jclere, pjindal, plodge, szappis, vchlup |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A permissions bypass flaw has been discovered in the apache HTTP server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2420208, 2420209 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-12-05 12:01:17 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:23732 https://access.redhat.com/errata/RHSA-2025:23732 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:23932 https://access.redhat.com/errata/RHSA-2025:23932 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:23919 https://access.redhat.com/errata/RHSA-2025:23919 |