Early Access — Mondoo Vulnerability Intelligence is currently in preview.

RHSA-2026:0009

HIGH7.5

Red Hat Security Advisory: httpd:2.4 security update

Published Jan 5, 2026

Modified 6 days ago

Fix available

Affected Packages

Red Hat:rhel_aus:8.2::appstreamhttpd

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreamhttpd-debuginfo

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreamhttpd-debugsource

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreamhttpd-devel

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreamhttpd-filesystem

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreamhttpd-manual

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreamhttpd-tools

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreamhttpd-tools-debuginfo

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreammod_http2

Fixed in:

0:1.11.3-3.module+el8.2.0+23461+1d03af5c.5

Red Hat:rhel_aus:8.2::appstreammod_http2-debuginfo

Fixed in:

0:1.11.3-3.module+el8.2.0+23461+1d03af5c.5

Red Hat:rhel_aus:8.2::appstreammod_http2-debugsource

Fixed in:

0:1.11.3-3.module+el8.2.0+23461+1d03af5c.5

Red Hat:rhel_aus:8.2::appstreammod_ldap

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreammod_ldap-debuginfo

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreammod_md

Fixed in:

1:2.0.8-7.module+el8.2.0+23841+60fa4803.1

Red Hat:rhel_aus:8.2::appstreammod_md-debuginfo

Fixed in:

1:2.0.8-7.module+el8.2.0+23841+60fa4803.1

Red Hat:rhel_aus:8.2::appstreammod_md-debugsource

Fixed in:

1:2.0.8-7.module+el8.2.0+23841+60fa4803.1

Red Hat:rhel_aus:8.2::appstreammod_proxy_html

Fixed in:

1:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreammod_proxy_html-debuginfo

Fixed in:

1:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreammod_session

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreammod_session-debuginfo

Fixed in:

0:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreammod_ssl

Fixed in:

1:2.4.37-21.module+el8.2.0+23841+60fa4803.11

Red Hat:rhel_aus:8.2::appstreammod_ssl-debuginfo

Fixed in:

1:2.4.37-21.module+el8.2.0+23841+60fa4803.11

References

ADVISORYhttps://access.redhat.com/errata/RHSA-2026:0009 REPORThttps://access.redhat.com/security/cve/CVE-2025-55753 REPORThttps://access.redhat.com/security/cve/CVE-2025-58098 ARTICLEhttps://access.redhat.com/security/updates/classification/#important REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2419140 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2419365 ARTICLEhttps://httpd.apache.org/security/vulnerabilities_24.html ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-55753 ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-58098 ADVISORYhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0009.json ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-55753 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-58098

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Upstream

CVE-2025-55753 CVE-2025-58098

Ecosystems

Red Hat rhel_aus 8.2 appstream

Timeline

PublishedJan 5, 2026

ModifiedJan 8, 2026

RHSA-2026:0009 | Mondoo Vulnerability Intelligence