VulnerableCode Package Details - pkg:deb/debian/apache2@2.2.8-5?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3se4-9vwa-1qbt	suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."	CVE-2007-1742
VCID-q2hz-2qtr-dbht	Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."	CVE-2007-1741

Vulnerability

Summary

Aliases

VCID-3se4-9vwa-1qbt

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

CVE-2007-1742

VCID-q2hz-2qtr-dbht

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

CVE-2007-1741

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-13T06:32:39.287017+00:00	Debian Importer	Fixing	VCID-3se4-9vwa-1qbt	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:02:53.027226+00:00	Debian Importer	Fixing	VCID-q2hz-2qtr-dbht	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:05:57.997193+00:00	Debian Importer	Fixing	VCID-3se4-9vwa-1qbt	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:03:34.883813+00:00	Debian Importer	Fixing	VCID-q2hz-2qtr-dbht	https://security-tracker.debian.org/tracker/data/json	38.1.0