Search for packages
| purl | pkg:apache/httpd@2.4.44 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-eesz-v6ae-gya3 | In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. |
CVE-2020-9490
|
| VCID-t67v-c4gx-ukbj | In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE |
CVE-2020-11984
|
| VCID-yz3c-arnr-y3cs | In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. |
CVE-2020-11993
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:36:22.797322+00:00 | Apache HTTPD Importer | Fixing | VCID-yz3c-arnr-y3cs | https://httpd.apache.org/security/json/CVE-2020-11993.json | 38.0.0 |
| 2026-04-01T12:36:22.727409+00:00 | Apache HTTPD Importer | Fixing | VCID-t67v-c4gx-ukbj | https://httpd.apache.org/security/json/CVE-2020-11984.json | 38.0.0 |
| 2026-04-01T12:36:22.706343+00:00 | Apache HTTPD Importer | Fixing | VCID-eesz-v6ae-gya3 | https://httpd.apache.org/security/json/CVE-2020-9490.json | 38.0.0 |