VulnerableCode Package Details - pkg:ebuild/www-servers/apache@2.2.6

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1nh6-77uc-xbak	A bug was found in the mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module.	CVE-2007-1863
VCID-699n-tvdd-qkgj	The recall_headers function in mod_mem_cache in Apache 2.2.4 did not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.	CVE-2007-1862
VCID-95zk-suqh-j7e7	A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module.	CVE-2007-3847
VCID-j3mb-97k1-uuh9	A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.	CVE-2006-5752
VCID-jvhf-ecm7-fbb8	Multiple vulnerabilities have been discovered in Apache, possibly resulting in a Denial of Service or the disclosure of sensitive information.	CVE-2007-4465
VCID-srxw-jjvr-p3d5	The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service.	CVE-2007-3304

Vulnerability

Summary

Aliases

VCID-1nh6-77uc-xbak

A bug was found in the mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module.

CVE-2007-1863

VCID-699n-tvdd-qkgj

The recall_headers function in mod_mem_cache in Apache 2.2.4 did not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

CVE-2007-1862

VCID-95zk-suqh-j7e7

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module.

CVE-2007-3847

VCID-j3mb-97k1-uuh9

A flaw was found in the mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.

CVE-2006-5752

VCID-jvhf-ecm7-fbb8

Multiple vulnerabilities have been discovered in Apache, possibly resulting in a Denial of Service or the disclosure of sensitive information.

CVE-2007-4465

VCID-srxw-jjvr-p3d5

The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service.

CVE-2007-3304

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:10:28.860647+00:00	Gentoo Importer	Fixing	VCID-jvhf-ecm7-fbb8	https://security.gentoo.org/glsa/200711-06	38.0.0
2026-04-01T13:10:28.850857+00:00	Gentoo Importer	Fixing	VCID-95zk-suqh-j7e7	https://security.gentoo.org/glsa/200711-06	38.0.0
2026-04-01T13:10:28.841232+00:00	Gentoo Importer	Fixing	VCID-srxw-jjvr-p3d5	https://security.gentoo.org/glsa/200711-06	38.0.0
2026-04-01T13:10:28.832018+00:00	Gentoo Importer	Fixing	VCID-1nh6-77uc-xbak	https://security.gentoo.org/glsa/200711-06	38.0.0
2026-04-01T13:10:28.816393+00:00	Gentoo Importer	Fixing	VCID-699n-tvdd-qkgj	https://security.gentoo.org/glsa/200711-06	38.0.0
2026-04-01T13:10:28.804548+00:00	Gentoo Importer	Fixing	VCID-j3mb-97k1-uuh9	https://security.gentoo.org/glsa/200711-06	38.0.0