Apache Server May Allow Malicious Certificate Renewal Attempts
OESA-2026-1530
Summary
After repeated failed ACME certificate renewals, an integer overflow in Apache's web server reduces the renewal backoff timer to 0, so renewal attempts are repeated without delay until one succeeds, potentially leading to disruption or unauthorized access. This issue affects Apache versions 2.4.30 to 2.4.66. To fix the issue, update your Apache installation to a newer version.
What to do
- Update httpd to version 2.4.51-27.oe2203sp4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | httpd | <= 2.4.51-27.oe2203sp4 | 2.4.51-27.oe2203sp4 |
Original title
httpd security update
Original description
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.
Security Fix(es):
An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures (~30 days in default configurations), the backoff timer becomes 0. Certificate renewal attempts are then repeated without delays until successful. This issue affects confidentiality, integrity, and availability. (CVE-2025-55753)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-55753 Vendor Advisory
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026