{"id":"AZL-71596","summary":"CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1","details":"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.\n\nThis issue affects Apache HTTP Server from 2.4.0 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66 which fixes the issue.","modified":"2026-04-01T05:21:45.240995Z","published":"2025-12-05T11:15:52Z","upstream":["CVE-2025-65082"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65082"}],"affected":[{"package":{"name":"httpd","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/httpd"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.66-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71596.json"}}],"schema_version":"1.7.5"}