VulnerableCode Package Details - pkg:alpm/archlinux/apache@2.4.25-3

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:alpm/archlinux/apache@2.4.25-3

Essentials
History (5)

purl	pkg:alpm/archlinux/apache@2.4.25-3

Next non-vulnerable version	2.4.26-1
Latest non-vulnerable version	2.4.55-1
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-1189-ej89-hybs Aliases: CVE-2017-3169	mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.	2.4.26-1 Affected by 0 other vulnerabilities.
VCID-fyrq-yg2u-jkc7 Aliases: CVE-2017-7679	mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.	2.4.26-1 Affected by 0 other vulnerabilities.
VCID-qayj-kts9-3fde Aliases: CVE-2017-3167	Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.	2.4.26-1 Affected by 0 other vulnerabilities.
VCID-twj7-4qwm-2khv Aliases: CVE-2017-7668	The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.	2.4.26-1 Affected by 0 other vulnerabilities.
VCID-wshe-gf99-tbg6 Aliases: CVE-2017-7659	A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.	2.4.26-1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:14.476340+00:00	Arch Linux Importer	Affected by	VCID-qayj-kts9-3fde	https://security.archlinux.org/AVG-316	38.0.0
2026-04-01T18:26:14.453443+00:00	Arch Linux Importer	Affected by	VCID-1189-ej89-hybs	https://security.archlinux.org/AVG-316	38.0.0
2026-04-01T18:26:14.431502+00:00	Arch Linux Importer	Affected by	VCID-wshe-gf99-tbg6	https://security.archlinux.org/AVG-316	38.0.0
2026-04-01T18:26:14.407661+00:00	Arch Linux Importer	Affected by	VCID-twj7-4qwm-2khv	https://security.archlinux.org/AVG-316	38.0.0
2026-04-01T18:26:14.383793+00:00	Arch Linux Importer	Affected by	VCID-fyrq-yg2u-jkc7	https://security.archlinux.org/AVG-316	38.0.0