The Siteminder Agent for Sharepoint r12.8.x ships bundled with an instance of Apache HTTP Server. The following is a list of Apache HTTP Server versions by Siteminder Agent for Sharepoint version:
Agent for Sharepoint r12.8.7: Apache HTTP Server 2.4.54
Agent for Sharepoint r12.8.8: Apache HTTP Server 2.4.58
A number of Common Vulnerabilities and Exposures (CVEs) have been published for Apache HTTP Server 2.4.64 and older. These CVEs are remediated in Apache HTTP Server 2.4.65.
For Apache HTTP Server on Siteminder Access Gateway, see the following KB's:
KB422058: Vulnerabilities in Apache 2.4.65 on Siteminder Access Gateway 12.9
PRODUCT: SiteMinder
COMPONENT: Agent for Sharepoint
VERSION: 12.8.7 & 12.8.8
OPERATING SYSTEM: ANY
The following CVE's have been published for Apache HTTP Server 2.4.65 and older for Access Gateway
==============================
CVE-2025-55753: mod_md (ACME), unintended retry intervals
IMPACT: low
DESCRIPTION: An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.
IMPACTED: Apache HTTP Server 2.4.30 before 2.4.65.
REMEDIATED: Apache HTTP Server 2.4.66
---------------------------
CVE-2025-58098: Server Side Includes adds query string to #exec cmd=...
IMPACT: moderate
DESCRIPTION: Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives.
IMPACTED: Apache HTTP Server 2.4.65 and older
REMEDIATED: Apache HTTP Server 2.4.66
---------------------------
CVE-2025-59775: NTLM Leakage on Windows through UNC SSRF
IMPACT: moderate
DESCRIPTION: Server-Side Request Forgery (SSRF) vulnerability on Windows. With AllowEncodedSlashes On and MergeSlashes Off, it can potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content.
IMPACTED: Apache HTTP Server 2.4.65 and older
REMEDIATED: Apache HTTP Server 2.4.66
---------------------------
CVE-2025-65082: CGI environment variable override
IMPACT: low
DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.
IMPACTED: Apache HTTP Server 2.4.0 through 2.4.65.
REMEDIATED: Apache HTTP Server 2.4.66
---------------------------
CVE-2025-66200: mod_userdir+suexec bypass via AllowOverride FileInfo
IMPACT: moderate
DESCRIPTION: mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.
IMPACTED: Apache HTTP Server 2.4.7 through 2.4.65.
REMEDIATED: Apache HTTP Server 2.4.66
==============================
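Until the upgrade is applied, it helps to know which of these CVEs have their stated preconditions present in the agent's httpd configuration. The script below is an added example, not Broadcom or Apache code. It checks four of the five entries against a config file passed as its argument (CVE-2025-65082 is not checked), and with no argument it runs against a constructed sample.

```shell
#!/bin/sh
# Added example (not vendor code): print the CVEs listed above whose stated
# preconditions appear in an httpd config file. Included files are not followed.

# has_directive FILE REGEX: true if an uncommented line starts with REGEX
has_directive() {
    grep -Ev '^[[:space:]]*#' "$1" | grep -Eiq "^[[:space:]]*$2"
}

audit_conf() {
    f=$1
    # CVE-2025-55753: mod_md (ACME) is loaded
    if has_directive "$f" 'LoadModule[[:space:]]+md_module'; then
        echo "CVE-2025-55753"
    fi
    # CVE-2025-58098: SSI with mod_cgid (module loads only, Options not checked)
    if has_directive "$f" 'LoadModule[[:space:]]+include_module' &&
       has_directive "$f" 'LoadModule[[:space:]]+cgid_module'; then
        echo "CVE-2025-58098"
    fi
    # CVE-2025-59775: applies to Windows installs only
    if has_directive "$f" 'AllowEncodedSlashes[[:space:]]+On[[:space:]]*$' &&
       has_directive "$f" 'MergeSlashes[[:space:]]+Off[[:space:]]*$'; then
        echo "CVE-2025-59775"
    fi
    # CVE-2025-66200: mod_userdir + suexec with AllowOverride FileInfo (or All)
    if has_directive "$f" 'LoadModule[[:space:]]+userdir_module' &&
       has_directive "$f" 'LoadModule[[:space:]]+suexec_module' &&
       has_directive "$f" 'AllowOverride[[:space:]].*(FileInfo|All)'; then
        echo "CVE-2025-66200"
    fi
}

# Constructed sample config, not taken from a real agent install
sample_conf() {
cat <<'EOF'
LoadModule include_module modules/mod_include.so
LoadModule cgid_module modules/mod_cgid.so
#LoadModule md_module modules/mod_md.so
AllowEncodedSlashes On
MergeSlashes Off
AllowOverride AuthConfig
EOF
}

target=${1:-}
if [ -z "$target" ]; then target=$(mktemp); sample_conf > "$target"; fi
audit_conf "$target"
```

An empty result means none of the checked directive combinations were found in that one file; it does not replace the upgrade to 2.4.66.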
This solution only applies to Apache HTTP Server on the Sharepoint Agent r12.8.x. For Apache on Siteminder Access Gateway, review the following KB's:
KB422058: Vulnerabilities in Apache 2.4.65 on Siteminder Access Gateway 12.9
How to Verify the version of Apache HTTP Server Installed on Siteminder Agent for Sharepoint
WINDOWS
1. Stop the running Sharepoint Agent
2. Using File Explorer, navigate to the Sharepoint Agent installation directory
Default: <Install_Dir>\CA\Agent-for-SharePoint\
3. Back-up the original '\httpd' directory <httpd_orig>
<Install_Dir>\CA\Agent-for-SharePoint\httpd
4. Unzip the attached "httpd_2466_win64_Sharepoint.zip" and copy the 'httpd' folder to <Install_Dir>\CA\Agent-for-SharePoint\
5. Copy the '/conf' directory from the original "<httpd_orig>\conf" into <Install_Dir>\CA\Agent-for-SharePoint\httpd\
6. Copy the 'configssl.bat' file from the original "<httpd_orig>\bin" into <Install_Dir>\CA\Agent-for-SharePoint\httpd\bin\
8. Upgrade to OpenSSL 1.0.2zm as per KB420795 Vulnerabilities in OpenSSL 1.0.2ZL and Older on Siteminder Sharepoint Agent r12.8.x
9. Start the Sharepoint Agent
LINUX
1. Stop the running Sharepoint Agent
2. Navigate to the Sharepoint Agent installation directory
Default: <Install_Dir>/CA/Agent-for-SharePoint/
3. Back-up the original '/httpd' directory <httpd_orig>
<Install_Dir>/CA/Agent-for-SharePoint/httpd
4. Unzip the attached 'httpd_2466_Linux_Sharepoint.zip' file and copy the '/httpd' folder to <Install_Dir>/CA/Agent-for-SharePoint/
5. Copy the following files from the original <httpd_orig> into <Install_Dir>/CA/Agent-for-SharePoint/
cp -r httpd_orig/conf httpd/
cp httpd_orig/bin/apachectl httpd/bin/
cp httpd_orig/bin/apr-1-config httpd/bin/
cp httpd_orig/bin/apu-1-config httpd/bin/
cp httpd_orig/bin/apxs httpd/bin/
cp httpd_orig/bin/envvars httpd/bin/
cp httpd_orig/bin/envvars-std httpd/bin/
6. Upgrade to OpenSSL 1.0.2zm as per KB420795: Vulnerabilities in OpenSSL 1.0.2ZL and Older on Siteminder Sharepoint Agent r12.8.x
7. Start the Sharepoint Agent
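A check worth running between steps 5 and 7 of the Linux procedure, as an added example that is not part of the vendor's instructions: it confirms that the conf directory and the six bin files were carried over unchanged from the backup and that the new binary reports 2.4.66 or later. The binary location httpd/bin/httpd and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Usage: verify.sh <httpd_orig> <new httpd dir>

# parse_httpd_version TEXT: print x.y.z from `httpd -v` output
parse_httpd_version() {
    printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9.]*\).*|\1|p'
}

# version_ge A B: true if dotted version A >= B (numeric compare per field)
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
             sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$2" ]
}

# verify_carryover ORIG NEW: print each step-5 item that is missing or differs
verify_carryover() {
    orig=$1 new=$2 rc=0
    diff -rq "$orig/conf" "$new/conf" >/dev/null 2>&1 ||
        { echo "DIFF conf"; rc=1; }
    for f in apachectl apr-1-config apu-1-config apxs envvars envvars-std; do
        cmp -s "$orig/bin/$f" "$new/bin/$f" || { echo "DIFF bin/$f"; rc=1; }
    done
    return $rc
}

if [ $# -eq 2 ]; then
    verify_carryover "$1" "$2" || echo "carry-over incomplete"
    # Assumed binary path; the agent's envvars may need to be sourced first
    v=$(parse_httpd_version "$("$2/bin/httpd" -v 2>/dev/null)")
    if version_ge "${v:-0}" 2.4.66; then
        echo "httpd $v: OK"
    else
        echo "httpd ${v:-unknown}: older than 2.4.66"
    fi
fi
```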
How to Verify the version of Apache HTTP Server Installed on Siteminder Agent for Sharepoint
KB420795: Vulnerabilities in OpenSSL 1.0.2ZL and Older on Siteminder Sharepoint Agent r12.8.x
KB422058: Vulnerabilities in Apache 2.4.65 on Siteminder Access Gateway 12.9
Apache HTTP Server 2.4.x Vulnerabilities:
CVE-2025-55753
CVE-2025-58098
CVE-2025-59775
CVE-2025-65082
CVE-2025-66200
CVE-2025-54090
CVE-2024-42516
CVE-2024-43204
CVE-2024-43394
CVE-2024-47252
CVE-2025-23048
CVE-2025-49630
CVE-2024-49812
CVE-2024-40898
CVE-2024-40725
CVE-2023-38709
CVE-2024-36387
CVE-2024-24795
CVE-2024-27316
CVE-2023-31122
CVE-2023-43622
CVE-2023-45802
CVE-2023-25690
CVE-2023-27522
CVE-2006-20001
CVE-2022-36760
CVE-2022-37436