VulnerableCode Package Details - pkg:ebuild/www-servers/apache@2.2.29

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1d24-sy5z-jfhh	HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior.	CVE-2013-5704
VCID-1zk6-7wv2-ukcz	A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration.	CVE-2014-0118
VCID-kpew-rarv-83dg	A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.	CVE-2014-0231
VCID-tbud-pwyt-aye9	A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.	CVE-2014-0226

Vulnerability

Summary

Aliases

VCID-1d24-sy5z-jfhh

HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior.

CVE-2013-5704

VCID-1zk6-7wv2-ukcz

A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration.

CVE-2014-0118

VCID-kpew-rarv-83dg

A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.

CVE-2014-0231

VCID-tbud-pwyt-aye9

A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.

CVE-2014-0226

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:00:31.960945+00:00	Gentoo Importer	Fixing	VCID-kpew-rarv-83dg	https://security.gentoo.org/glsa/201504-03	38.0.0
2026-04-01T13:00:31.951554+00:00	Gentoo Importer	Fixing	VCID-tbud-pwyt-aye9	https://security.gentoo.org/glsa/201504-03	38.0.0
2026-04-01T13:00:31.941970+00:00	Gentoo Importer	Fixing	VCID-1zk6-7wv2-ukcz	https://security.gentoo.org/glsa/201504-03	38.0.0
2026-04-01T13:00:31.933511+00:00	Gentoo Importer	Fixing	VCID-1d24-sy5z-jfhh	https://security.gentoo.org/glsa/201504-03	38.0.0