Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache HTTP Server Insertion of Sensitive Information Into Sent Data Vulnerability - CVE-2025-58098 - Vulnerability Database
Apache HTTP Server

Apache HTTP Server Insertion of Sensitive Information Into Sent Data Vulnerability - CVE-2025-58098

High
Reference: CVE-2025-58098
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-58098
Title: Apache HTTP Server Insertion of Sensitive Information Into Sent Data Vulnerability
Overview:

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to exec cmdquot...quot directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66 which fixes the issue.