VulnerableCode Package Details - pkg:deb/debian/apache2@2.4.16-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3wuk-hwg1-6fa6	A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.	CVE-2015-3185
VCID-k4kb-21tp-4kc8	An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use.	CVE-2015-3183

Vulnerability

Summary

Aliases

VCID-3wuk-hwg1-6fa6

A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.

CVE-2015-3185

VCID-k4kb-21tp-4kc8

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use.

CVE-2015-3183

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:43:24.708565+00:00	Debian Importer	Fixing	VCID-3wuk-hwg1-6fa6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:26:43.977760+00:00	Debian Importer	Fixing	VCID-k4kb-21tp-4kc8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:43:26.003842+00:00	Debian Importer	Fixing	VCID-3wuk-hwg1-6fa6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:47:52.196007+00:00	Debian Importer	Fixing	VCID-k4kb-21tp-4kc8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:16:00.518035+00:00	Debian Importer	Fixing	VCID-3wuk-hwg1-6fa6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:11:38.771208+00:00	Debian Importer	Fixing	VCID-k4kb-21tp-4kc8	https://security-tracker.debian.org/tracker/data/json	38.1.0