Red Hat Security Advisory: httpd:2.4 security update
Red Hat issued a security advisory for the Apache HTTP Server (httpd) 2.4 packages addressing two vulnerabilities: CVE-2025-55753 in mod_md related to unintended retry intervals, and CVE-2025-58098 in Server Side Includes where query strings are added to #exec cmd= commands. The update is rated as Important by Red Hat Product Security and affects Red Hat Enterprise Linux 8.8 variants. The advisory provides updated packages to fix these issues.
AI Analysis
Technical Summary
This advisory covers two security fixes for Apache HTTP Server 2.4 on Red Hat Enterprise Linux 8.8. CVE-2025-55753 concerns mod_md (ACME) where unintended retry intervals could cause issues. CVE-2025-58098 involves Server Side Includes (SSI) adding query strings to the #exec cmd= directive, which may lead to unexpected behavior. Red Hat has released updated packages to address these vulnerabilities. No CVSS scores are provided in the advisory, but the issues are rated as Important by Red Hat. The advisory references updated packages for httpd and related modules for Red Hat Enterprise Linux 8.8.
Potential Impact
The vulnerabilities impact the Apache HTTP Server 2.4 on Red Hat Enterprise Linux 8.8. The mod_md issue could cause unintended retry behavior, potentially affecting ACME certificate management. The SSI vulnerability could cause query strings to be appended to commands executed via #exec, possibly leading to unexpected command execution contexts. The advisory rates these issues as Important, indicating a significant security impact but no known exploits in the wild have been reported.
Mitigation Recommendations
Red Hat has released updated httpd packages for Red Hat Enterprise Linux 8.8 that address these vulnerabilities. Users should apply the security update RHSA-2026:0012 promptly to remediate these issues. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are specified or required beyond applying the official update.
Red Hat Security Advisory: httpd:2.4 security update
Description
Red Hat issued a security advisory for the Apache HTTP Server (httpd) 2.4 packages addressing two vulnerabilities: CVE-2025-55753 in mod_md related to unintended retry intervals, and CVE-2025-58098 in Server Side Includes where query strings are added to #exec cmd= commands. The update is rated as Important by Red Hat Product Security and affects Red Hat Enterprise Linux 8.8 variants. The advisory provides updated packages to fix these issues.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two security fixes for Apache HTTP Server 2.4 on Red Hat Enterprise Linux 8.8. CVE-2025-55753 concerns mod_md (ACME) where unintended retry intervals could cause issues. CVE-2025-58098 involves Server Side Includes (SSI) adding query strings to the #exec cmd= directive, which may lead to unexpected behavior. Red Hat has released updated packages to address these vulnerabilities. No CVSS scores are provided in the advisory, but the issues are rated as Important by Red Hat. The advisory references updated packages for httpd and related modules for Red Hat Enterprise Linux 8.8.
Potential Impact
The vulnerabilities impact the Apache HTTP Server 2.4 on Red Hat Enterprise Linux 8.8. The mod_md issue could cause unintended retry behavior, potentially affecting ACME certificate management. The SSI vulnerability could cause query strings to be appended to commands executed via #exec, possibly leading to unexpected command execution contexts. The advisory rates these issues as Important, indicating a significant security impact but no known exploits in the wild have been reported.
Mitigation Recommendations
Red Hat has released updated httpd packages for Red Hat Enterprise Linux 8.8 that address these vulnerabilities. Users should apply the security update RHSA-2026:0012 promptly to remediate these issues. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are specified or required beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:0012
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-58098"]
- Cvss Version
- null
Threat ID: 6a4049df27e9c79719831b01
Added to database: 06/27/2026, 22:08:31 UTC
Last enriched: 06/27/2026, 22:26:28 UTC
Last updated: 06/28/2026, 15:51:09 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.