Alert GCSA-25087 - Security update for Apache products
******************************************************************
Alert ID: GCSA-25087
Date: 14 July 2025
Title: Security update for Apache products
******************************************************************
:: Problem description
Multiple vulnerabilities have been identified in Apache products
that a remote attacker could exploit to manipulate data,
bypass security restrictions and trigger denial of service conditions
on an affected system.
:: Affected software
Apache HTTP Server versions earlier than 2.4.64
Apache Tomcat versions earlier than 9.0.107
Apache Tomcat versions earlier than 10.1.43
Apache Tomcat versions earlier than 11.0.9
:: Impact
Denial of Service
Security Restriction Bypass
Data Manipulation
:: Solutions
Update the software to the latest versions:
https://httpd.apache.org/security/vulnerabilities_24.html
https://tomcat.apache.org/security-9.html
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-11.html
:: References
Apache.org
https://httpd.apache.org/security/vulnerabilities_24.html#Fixed_in_Apache_HTTP_Server_2.4.64
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.107
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.43
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.9
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert