VulnerableCode Package Details - pkg:deb/debian/apache2@2.4.61-1~deb12u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6tgh-b4td-63f5	Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.	CVE-2024-39573
VCID-8edq-8rvq-rkf1		CVE-2024-38475
VCID-8nw9-zpxn-ckab	Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.	CVE-2024-38476
VCID-ej7y-7na3-5qby	Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.	CVE-2024-38474
VCID-ftjw-9fb6-d3cw	Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.	CVE-2024-38473
VCID-pjxs-hnjr-duey	null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.	CVE-2024-38477
VCID-r2pc-wuzb-h7hk	Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.	CVE-2024-36387

Vulnerability

Summary

Aliases

VCID-6tgh-b4td-63f5

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CVE-2024-39573

VCID-8edq-8rvq-rkf1

CVE-2024-38475

VCID-8nw9-zpxn-ckab

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CVE-2024-38476

VCID-ej7y-7na3-5qby

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.

CVE-2024-38474

VCID-ftjw-9fb6-d3cw

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CVE-2024-38473

VCID-pjxs-hnjr-duey

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

CVE-2024-38477

VCID-r2pc-wuzb-h7hk

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

CVE-2024-36387

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:01:26.907551+00:00	Debian Importer	Fixing	VCID-pjxs-hnjr-duey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:12:16.962778+00:00	Debian Importer	Fixing	VCID-r2pc-wuzb-h7hk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:06:19.887513+00:00	Debian Importer	Fixing	VCID-6tgh-b4td-63f5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:40:29.076085+00:00	Debian Importer	Fixing	VCID-ej7y-7na3-5qby	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:40:11.655152+00:00	Debian Importer	Fixing	VCID-ftjw-9fb6-d3cw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:37:39.341655+00:00	Debian Importer	Fixing	VCID-8edq-8rvq-rkf1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:34:33.273775+00:00	Debian Importer	Fixing	VCID-8nw9-zpxn-ckab	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:57:04.148715+00:00	Debian Importer	Fixing	VCID-pjxs-hnjr-duey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:20:52.881792+00:00	Debian Importer	Fixing	VCID-r2pc-wuzb-h7hk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:32:34.390020+00:00	Debian Importer	Fixing	VCID-6tgh-b4td-63f5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:13:11.913131+00:00	Debian Importer	Fixing	VCID-ej7y-7na3-5qby	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:12:58.115673+00:00	Debian Importer	Fixing	VCID-ftjw-9fb6-d3cw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:10:59.157196+00:00	Debian Importer	Fixing	VCID-8edq-8rvq-rkf1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:08:38.244888+00:00	Debian Importer	Fixing	VCID-8nw9-zpxn-ckab	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:17:01.417229+00:00	Debian Importer	Fixing	VCID-pjxs-hnjr-duey	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:04.968503+00:00	Debian Importer	Fixing	VCID-r2pc-wuzb-h7hk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:24.639620+00:00	Debian Importer	Fixing	VCID-6tgh-b4td-63f5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:00.792432+00:00	Debian Importer	Fixing	VCID-ej7y-7na3-5qby	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:59.867213+00:00	Debian Importer	Fixing	VCID-ftjw-9fb6-d3cw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:50.030130+00:00	Debian Importer	Fixing	VCID-8edq-8rvq-rkf1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:38.326527+00:00	Debian Importer	Fixing	VCID-8nw9-zpxn-ckab	https://security-tracker.debian.org/tracker/data/json	38.1.0