VulnerableCode Package Details - pkg:apache/httpd@1.3.42

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apache/httpd@1.3.42

Essentials
History (2)

purl	pkg:apache/httpd@1.3.42

Next non-vulnerable version	2.0.65
Latest non-vulnerable version	2.4.54
Risk	9.6

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-prd8-51a5-pygj Aliases: CVE-2011-3368	An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/	2.0.65 Affected by 0 other vulnerabilities. 2.2.22 Affected by 21 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-prd8-51a5-pygj
Aliases:
CVE-2011-3368

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/

2.0.65
Affected by 0 other vulnerabilities.

2.2.22
Affected by 21 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-123w-f3zc-37d9	An incorrect conversion between numeric types flaw was found in the mod_proxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted response.	CVE-2010-0010

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:36:17.562186+00:00	Apache HTTPD Importer	Affected by	VCID-prd8-51a5-pygj	https://httpd.apache.org/security/json/CVE-2011-3368.json	38.0.0
2026-04-01T12:36:16.581482+00:00	Apache HTTPD Importer	Fixing	VCID-123w-f3zc-37d9	https://httpd.apache.org/security/json/CVE-2010-0010.json	38.0.0