VulnerableCode Package Details - pkg:rpm/redhat/httpd24-httpd@2.4.12-4.el6?arch=2

Search for packages

Vulnerability	Summary	Fixed by
VCID-3wuk-hwg1-6fa6 Aliases: CVE-2015-3185	A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.	There are no reported fixed by versions.
VCID-gqat-458a-67g2 Aliases: CVE-2015-0228	A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive.	There are no reported fixed by versions.
VCID-k4kb-21tp-4kc8 Aliases: CVE-2015-3183	An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use.	There are no reported fixed by versions.
VCID-tcmz-a5dq-d7cj Aliases: CVE-2015-0253	A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3wuk-hwg1-6fa6
Aliases:
CVE-2015-3185

A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.

There are no reported fixed by versions.

VCID-gqat-458a-67g2
Aliases:
CVE-2015-0228

A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive.

There are no reported fixed by versions.

VCID-k4kb-21tp-4kc8
Aliases:
CVE-2015-3183

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use.

There are no reported fixed by versions.

VCID-tcmz-a5dq-d7cj
Aliases:
CVE-2015-0253

A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:42:51.325032+00:00	RedHat Importer	Affected by	VCID-gqat-458a-67g2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0228.json	38.0.0
2026-04-01T14:40:20.960124+00:00	RedHat Importer	Affected by	VCID-tcmz-a5dq-d7cj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json	38.0.0
2026-04-01T14:40:20.859390+00:00	RedHat Importer	Affected by	VCID-3wuk-hwg1-6fa6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json	38.0.0
2026-04-01T14:40:20.121158+00:00	RedHat Importer	Affected by	VCID-k4kb-21tp-4kc8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json	38.0.0