Synopsis:
httpd security updateSummary:
An update for httpd is now available for openEuler-22.03-LTS-SP4Description:
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.
Security Fix(es):
An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures (~30 days in default configurations), the backoff timer becomes 0. Certificate renewal attempts are then repeated without delays until successful. This issue affects confidentiality, integrity, and availability.(CVE-2025-55753)Topic:
An update for httpd is now available for openEuler-22.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
HighAffected Component:
httpd
2.4.51-27.oe2203sp42.4.51-27.oe2203sp42.4.51-27.oe2203sp42.4.51-27.oe2203sp42.4.51-27.oe2203sp42.4.51-27.oe2203sp42.4.51-27.oe2203sp42.4.51-27.oe2203sp42.4.51-27.oe2203sp42.4.51-27.oe2203sp4Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:HI:NA:N7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N