VulnerableCode Package Details - pkg:deb/debian/apache2@2.4.38-3?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4sss-a8ne-kqbc	When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" is unaffected by this.	CVE-2019-0197
VCID-6vxq-uxxw-ybeh	Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.	CVE-2019-0196
VCID-ehv1-yvpu-ubcg	In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.	CVE-2019-0211
VCID-ugdv-apr8-g3bz	In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.	CVE-2019-0215
VCID-uwqg-yytc-vfae	When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.	CVE-2019-0220
VCID-w6p6-u8ku-k3f6	In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.	CVE-2019-0217

Vulnerability

Summary

Aliases

VCID-4sss-a8ne-kqbc

When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" is unaffected by this.

CVE-2019-0197

VCID-6vxq-uxxw-ybeh

Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.

CVE-2019-0196

VCID-ehv1-yvpu-ubcg

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

CVE-2019-0211

VCID-ugdv-apr8-g3bz

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.

CVE-2019-0215

VCID-uwqg-yytc-vfae

When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

CVE-2019-0220

VCID-w6p6-u8ku-k3f6

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

CVE-2019-0217

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:17:19.911597+00:00	Debian Importer	Fixing	VCID-ugdv-apr8-g3bz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:46:59.848625+00:00	Debian Importer	Fixing	VCID-uwqg-yytc-vfae	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:39:48.420526+00:00	Debian Importer	Fixing	VCID-6vxq-uxxw-ybeh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:36:05.820789+00:00	Debian Importer	Fixing	VCID-ehv1-yvpu-ubcg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:54:56.303036+00:00	Debian Importer	Fixing	VCID-w6p6-u8ku-k3f6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:45:25.977228+00:00	Debian Importer	Fixing	VCID-4sss-a8ne-kqbc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:09:07.833341+00:00	Debian Importer	Fixing	VCID-ugdv-apr8-g3bz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:46:04.828389+00:00	Debian Importer	Fixing	VCID-uwqg-yytc-vfae	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:40:43.471639+00:00	Debian Importer	Fixing	VCID-6vxq-uxxw-ybeh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:37:56.140588+00:00	Debian Importer	Fixing	VCID-ehv1-yvpu-ubcg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:23:55.498704+00:00	Debian Importer	Fixing	VCID-w6p6-u8ku-k3f6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:53:00.266050+00:00	Debian Importer	Fixing	VCID-4sss-a8ne-kqbc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:17:59.694000+00:00	Debian Importer	Fixing	VCID-ugdv-apr8-g3bz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:16:09.576996+00:00	Debian Importer	Fixing	VCID-uwqg-yytc-vfae	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:45.466412+00:00	Debian Importer	Fixing	VCID-6vxq-uxxw-ybeh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:31.736117+00:00	Debian Importer	Fixing	VCID-ehv1-yvpu-ubcg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:50.091165+00:00	Debian Importer	Fixing	VCID-w6p6-u8ku-k3f6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:02:36.828088+00:00	Debian Importer	Fixing	VCID-4sss-a8ne-kqbc	https://security-tracker.debian.org/tracker/data/json	38.1.0