VulnerableCode Package Details - pkg:deb/debian/apache2@2.4.46-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-eesz-v6ae-gya3	In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.	CVE-2020-9490
VCID-t67v-c4gx-ukbj	In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE	CVE-2020-11984
VCID-yz3c-arnr-y3cs	In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.	CVE-2020-11993

Vulnerability

Summary

Aliases

VCID-eesz-v6ae-gya3

In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

CVE-2020-9490

VCID-t67v-c4gx-ukbj

In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE

CVE-2020-11984

VCID-yz3c-arnr-y3cs

In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

CVE-2020-11993

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:54:54.680693+00:00	Debian Importer	Fixing	VCID-t67v-c4gx-ukbj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:31:11.101682+00:00	Debian Importer	Fixing	VCID-eesz-v6ae-gya3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:32:43.458849+00:00	Debian Importer	Fixing	VCID-yz3c-arnr-y3cs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:52:02.446180+00:00	Debian Importer	Fixing	VCID-t67v-c4gx-ukbj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:34:21.447333+00:00	Debian Importer	Fixing	VCID-eesz-v6ae-gya3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:52:11.204233+00:00	Debian Importer	Fixing	VCID-yz3c-arnr-y3cs	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:16:35.230943+00:00	Debian Importer	Fixing	VCID-t67v-c4gx-ukbj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:18.817463+00:00	Debian Importer	Fixing	VCID-eesz-v6ae-gya3	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:11:59.989469+00:00	Debian Importer	Fixing	VCID-yz3c-arnr-y3cs	https://security-tracker.debian.org/tracker/data/json	38.1.0