mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.
This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Weakness
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.4.7 (including) | 2.4.66 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | httpd-0:2.4.63-4.el10_1.3 | * |
| Red Hat Enterprise Linux 8 | RedHat | httpd:2.4-8100020251212173309.489197e6 | * |
| Red Hat Enterprise Linux 9 | RedHat | httpd-0:2.4.62-7.el9_7.3 | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | jammy | * |
| Apache2 | Ubuntu | noble | * |
| Apache2 | Ubuntu | plucky | * |
| Apache2 | Ubuntu | questing | * |
| Apache2 | Ubuntu | upstream | * |