VulnerableCode Package Details - pkg:apache/httpd@2.0.65

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1bv2-mkj8-ubaz	mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.	CVE-2013-1862
VCID-3cea-3rkm-r7gs	A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65)	CVE-2011-0419
VCID-5yez-d5nj-q7eq	An integer overflow flaw was found which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.	CVE-2011-3607
VCID-d4rc-pnv5-6uc8	A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified.	CVE-2012-0053
VCID-kkfv-4jd1-bqdm	A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory: CVE-2011-3192.txt	CVE-2011-3192
VCID-prd8-51a5-pygj	An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/	CVE-2011-3368
VCID-ym93-sxb8-fkdm	A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly.	CVE-2012-0031

Vulnerability

Summary

Aliases

VCID-1bv2-mkj8-ubaz

mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

CVE-2013-1862

VCID-3cea-3rkm-r7gs

A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65)

CVE-2011-0419

VCID-5yez-d5nj-q7eq

An integer overflow flaw was found which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.

CVE-2011-3607

VCID-d4rc-pnv5-6uc8

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified.

CVE-2012-0053

VCID-kkfv-4jd1-bqdm

A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory: CVE-2011-3192.txt

CVE-2011-3192

VCID-prd8-51a5-pygj

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/

CVE-2011-3368

VCID-ym93-sxb8-fkdm

A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly.

CVE-2012-0031

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:36:18.782090+00:00	Apache HTTPD Importer	Fixing	VCID-1bv2-mkj8-ubaz	https://httpd.apache.org/security/json/CVE-2013-1862.json	38.0.0
2026-04-01T12:36:18.213251+00:00	Apache HTTPD Importer	Fixing	VCID-d4rc-pnv5-6uc8	https://httpd.apache.org/security/json/CVE-2012-0053.json	38.0.0
2026-04-01T12:36:18.049627+00:00	Apache HTTPD Importer	Fixing	VCID-ym93-sxb8-fkdm	https://httpd.apache.org/security/json/CVE-2012-0031.json	38.0.0
2026-04-01T12:36:17.828556+00:00	Apache HTTPD Importer	Fixing	VCID-5yez-d5nj-q7eq	https://httpd.apache.org/security/json/CVE-2011-3607.json	38.0.0
2026-04-01T12:36:17.640406+00:00	Apache HTTPD Importer	Fixing	VCID-prd8-51a5-pygj	https://httpd.apache.org/security/json/CVE-2011-3368.json	38.0.0
2026-04-01T12:36:17.413766+00:00	Apache HTTPD Importer	Fixing	VCID-kkfv-4jd1-bqdm	https://httpd.apache.org/security/json/CVE-2011-3192.json	38.0.0
2026-04-01T12:36:17.276497+00:00	Apache HTTPD Importer	Fixing	VCID-3cea-3rkm-r7gs	https://httpd.apache.org/security/json/CVE-2011-0419.json	38.0.0