Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/httpd22@2.2.10-23.1.ep5?arch=el4
purl pkg:rpm/redhat/httpd22@2.2.10-23.1.ep5?arch=el4
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 9.6
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-3kyb-4yvt-f7e1
Aliases:
CVE-2009-1955
A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine. There are no reported fixed by versions.
VCID-7ftk-sajb-akh4
Aliases:
CVE-2009-0023
A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine. There are no reported fixed by versions.
VCID-fysz-5mr6-fbf1
Aliases:
CVE-2009-1890
A denial of service flaw was found in the mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. There are no reported fixed by versions.
VCID-pdj3-4txb-vych
Aliases:
CVE-2009-1891
A denial of service flaw was found in the mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. There are no reported fixed by versions.
VCID-t95h-xhtm-zbdv
Aliases:
CVE-2009-1195
A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:58:19.153289+00:00 RedHat Importer Affected by VCID-t95h-xhtm-zbdv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1195.json 38.0.0
2026-04-01T14:58:16.480981+00:00 RedHat Importer Affected by VCID-3kyb-4yvt-f7e1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json 38.0.0
2026-04-01T14:58:14.567970+00:00 RedHat Importer Affected by VCID-7ftk-sajb-akh4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json 38.0.0
2026-04-01T14:58:08.622488+00:00 RedHat Importer Affected by VCID-pdj3-4txb-vych https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1891.json 38.0.0
2026-04-01T14:58:08.268288+00:00 RedHat Importer Affected by VCID-fysz-5mr6-fbf1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1890.json 38.0.0