Hello,
I was preparing to update Apache to version 2.4.64 and discovered that this version contains a bug/vulnerability: Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 (CVE-2025-54090).
According to https://access.redhat.com/security/cve/cve-2025-54090:
"This could lead to unintended routing, access control bypasses, or other security policy violations if an administrator relies on these expressions for security enforcement. It is crucial to note that this issue specifically impacts only version 2.4.64; all other versions are unaffected."
When can we expect version 2.4.65, which fixes the bug introduced with 2.4.64, in a Custombuild? RewriteCond is a commonly used rule/condition.
Mateusz
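An added example, not part of the original post: a shell check for whether a server reports 2.4.64 and has `RewriteCond expr` conditions in its configuration. The function names and the paths in the usage comment are assumptions, and the recursive search relies on GNU grep.

```bash
#!/usr/bin/env bash
# Added example: audit for exposure to CVE-2025-54090 (only httpd 2.4.64 is affected).
# Usage (paths are assumptions; adjust to your layout):
#   audit "$(httpd -v | head -n1)" /etc/httpd

# Return 0 if the "Server version" line reports exactly Apache/2.4.64.
is_affected_version() {
    case "$1" in
        *Apache/2.4.64|*"Apache/2.4.64 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print file:line:text for every active RewriteCond whose TestString is the
# literal "expr" (the expression form), in *.conf and .htaccess files under $1.
# Commented-out directives are skipped; directive names are case-insensitive.
find_rewritecond_expr() {
    grep -rniE --include='*.conf' --include='.htaccess' \
        '^[[:space:]]*RewriteCond[[:space:]]+"?expr"?[[:space:]]' "$1"
}

# Return 1 only when the version is 2.4.64 AND expr conditions are present.
audit() {
    is_affected_version "$1" || { echo "not 2.4.64: unaffected"; return 0; }
    if find_rewritecond_expr "$2"; then
        echo "2.4.64 with RewriteCond expr in use: review the conditions above"
        return 1
    fi
    echo "2.4.64, but no RewriteCond expr found under $2"
}
```

Conditions pulled in from directories outside the path you pass (for example per-user `.htaccess` files under document roots) need a separate run against those directories.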