Alert GCSA-25087 - Security update for Apache products

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

******************************************************************

Alert ID: GCSA-25087
Date: 14 July 2025
Title: Security update for Apache products

******************************************************************

:: Problem description

Multiple vulnerabilities have been identified in Apache products
that could be exploited by a remote attacker to manipulate data,
bypass security restrictions and trigger denial of service conditions
on an affected system.


:: Affected software

Apache HTTP Server versions prior to 2.4.64
Apache Tomcat versions prior to 9.0.107
Apache Tomcat versions prior to 10.1.43
Apache Tomcat versions prior to 11.0.9


:: Impact

Denial of Service
Security Restriction Bypass
Data Manipulation


:: Solutions

Update the software to the latest versions:

https://httpd.apache.org/security/vulnerabilities_24.html
https://tomcat.apache.org/security-9.html
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-11.html


:: References

Apache.org
https://httpd.apache.org/security/vulnerabilities_24.html#Fixed_in_Apache_HTTP_Server_2.4.64
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.107
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.43
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.9

Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53506


GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCaHTKbw0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBCp9cAn1yL+Uc+uA0NEBa/UhHdK3K40e7eAJ9yRjmicbUK
aGLWq+Vnxt3p+V+Gjg==
=lV+p
-----END PGP SIGNATURE-----
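
The following is an added example, not part of the GARR CERT alert: a triage helper that classifies version banners against the fixed releases listed under "Affected software". The banner samples are constructed, and treating each Tomcat entry as the fix for its own release line (9.0.x, 10.1.x, 11.0.x) is an assumption of this example.

```python
import re

# Fixed releases named in the alert. Mapping each Tomcat entry to its own
# release line (major.minor) is an assumption of this example.
FIXED = {
    ("httpd", (2, 4)): (2, 4, 64),
    ("tomcat", (9, 0)): (9, 0, 107),
    ("tomcat", (10, 1)): (10, 1, 43),
    ("tomcat", (11, 0)): (11, 0, 9),
}

# Matches "Apache/2.4.62" and "Apache Tomcat/9.0.99" style version banners.
BANNER = re.compile(r"Apache(?P<tomcat> Tomcat)?/(?P<ver>\d+\.\d+\.\d+)")


def assess(banner):
    """Return (product, version, status) for one banner line.

    status is 'affected', 'fixed', 'unlisted' (release line not covered by
    the alert, check the vendor pages) or 'unparsed'.
    """
    m = BANNER.search(banner)
    if not m:
        return (None, None, "unparsed")
    product = "tomcat" if m.group("tomcat") else "httpd"
    # Compare as integer tuples: as strings, "9.0.99" sorts after "9.0.107".
    ver = tuple(int(part) for part in m.group("ver").split("."))
    fixed = FIXED.get((product, ver[:2]))
    if fixed is None:
        return (product, m.group("ver"), "unlisted")
    return (product, m.group("ver"), "affected" if ver < fixed else "fixed")


# Constructed sample banners, in the style printed by `httpd -v` and
# Tomcat's version script.
SAMPLES = [
    "Server version: Apache/2.4.62 (Unix)",
    "Server version: Apache/2.4.64 (Unix)",
    "Server version: Apache Tomcat/9.0.99",
    "Server version: Apache Tomcat/10.1.43",
    "Server version: Apache Tomcat/8.5.100",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(assess(line), "<-", line)
```

Distribution packages may backport fixes without changing the upstream version number, so an "affected" result should be confirmed against the package vendor's own advisory.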