VulnerableCode Package Details - pkg:apache/httpd@1.3.41

Search for packages

Vulnerability	Summary	Fixed by
VCID-123w-f3zc-37d9 Aliases: CVE-2010-0010	An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted response.	1.3.42 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-prd8-51a5-pygj Aliases: CVE-2011-3368	An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/	2.0.65 Affected by 0 other vulnerabilities. 2.2.22 Affected by 21 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-123w-f3zc-37d9
Aliases:
CVE-2010-0010

An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted response.

1.3.42
Affected by 1 other vulnerability.

VCID-prd8-51a5-pygj
Aliases:
CVE-2011-3368

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/

2.0.65
Affected by 0 other vulnerabilities.

2.2.22
Affected by 21 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dqkp-f1my-dbg9	A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.	CVE-2007-5000
VCID-kgpj-aexq-7kah	A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.	CVE-2007-6388

Vulnerability

Summary

Aliases

VCID-dqkp-f1my-dbg9

A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.

CVE-2007-5000

VCID-kgpj-aexq-7kah

A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.

CVE-2007-6388

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:36:17.560640+00:00	Apache HTTPD Importer	Affected by	VCID-prd8-51a5-pygj	https://httpd.apache.org/security/json/CVE-2011-3368.json	38.0.0
2026-04-01T12:36:16.579373+00:00	Apache HTTPD Importer	Affected by	VCID-123w-f3zc-37d9	https://httpd.apache.org/security/json/CVE-2010-0010.json	38.0.0
2026-04-01T12:36:14.925093+00:00	Apache HTTPD Importer	Fixing	VCID-kgpj-aexq-7kah	https://httpd.apache.org/security/json/CVE-2007-6388.json	38.0.0
2026-04-01T12:36:14.666582+00:00	Apache HTTPD Importer	Fixing	VCID-dqkp-f1my-dbg9	https://httpd.apache.org/security/json/CVE-2007-5000.json	38.0.0