| purl | pkg:rpm/redhat/httpd24-httpd@2.4.18-11?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.1 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2xc4-7zg9-y7fw (Aliases: CVE-2016-5387) | HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software. | There are no reported fixed by versions. |
| VCID-7zer-dq7c-8ffq (Aliases: CVE-2016-4979) | For configurations enabling support for HTTP/2, SSL client certificate validation was not enforced if configured, allowing clients unauthorized access to protected resources over HTTP/2. This issue affected releases 2.4.18 and 2.4.20 only. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:35:58.825199+00:00 | RedHat Importer | Affected by | VCID-7zer-dq7c-8ffq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4979.json | 38.0.0 |
| 2026-04-01T14:35:53.607333+00:00 | RedHat Importer | Affected by | VCID-2xc4-7zg9-y7fw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json | 38.0.0 |