CVE-2025-52972 – Apache HTTP Server Command Injection

June 24, 2025

CVE ID : CVE-2025-52972

Published : June 24, 2025, 3:15 a.m. | 2 hours, 1 minute ago

Description : Rejected reason: Not used

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52975 – Apache HTTP Server HTTP Request Smuggling

Next Article CVE-2025-6552 – Apache Hope-Boot Java Open Redirect Vulnerability

Highlights

CVE-2025-52891 – ModSecurity XML Tag Segmentation Fault Vulnerability

July 2, 2025

CVE ID : CVE-2025-52891

Published : July 2, 2025, 3:15 p.m. | 4 hours, 27 minutes ago

Description : ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xml, and at least one XML tag is empty (eg ), then a segmentation fault occurs. This issue has been patched in version 2.9.11. A workaround involves setting SecParseXmlIntoArgs to Off.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

3 portable power stations I travel everywhere with (and how they differ)

I tried Lenovo’s new rollable ThinkBook and can’t go back to regular-sized screens

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-52972 – Apache HTTP Server Command Injection

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Forge Sparks – get Git forges notifications

I replaced my work PC with this Alienware laptop – now I’m wondering why I hadn’t done this sooner

Best early Prime Day smartwatch and fitness tracker deals: My 10 favorite sales live now

How Tiny UX Changes Echo, State of CSS 2025 & Logos that Standout

CVE-2025-52891 – ModSecurity XML Tag Segmentation Fault Vulnerability

CVE-2025-43854 – DIFY Clickjacking Vulnerability

How to Build Robust Networking Layers in Swift with OpenAPI

Tailwind CSS vs Bootstrap: A Side-by-Side Comparison

CVE-2025-52972 – Apache HTTP Server Command Injection

Related Posts