Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/httpd24-httpd@2.4.34-15?arch=el6
purl pkg:rpm/redhat/httpd24-httpd@2.4.34-15?arch=el6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-3djp-gq4c-1fa9
Aliases:
CVE-2019-10092
A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. We have taken this opportunity to also remove request data from many other in-built error messages. Note however this issue did not affect them directly and their output was already escaped to prevent cross-site scripting attacks. There are no reported fixed by versions.
VCID-7u2r-egf2-vfhx
Aliases:
CVE-2018-17189
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. There are no reported fixed by versions.
VCID-7vfk-1dwm-xbbt
Aliases:
CVE-2019-10097
When mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. There are no reported fixed by versions.
VCID-ct26-19cq-8kd7
Aliases:
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. There are no reported fixed by versions.
VCID-uwqg-yytc-vfae
Aliases:
CVE-2019-0220
When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them. There are no reported fixed by versions.
VCID-w6p6-u8ku-k3f6
Aliases:
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:21:04.966809+00:00 RedHat Importer Affected by VCID-7u2r-egf2-vfhx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json 38.0.0
2026-04-01T14:21:04.419933+00:00 RedHat Importer Affected by VCID-ct26-19cq-8kd7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json 38.0.0
2026-04-01T14:20:38.643824+00:00 RedHat Importer Affected by VCID-uwqg-yytc-vfae https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json 38.0.0
2026-04-01T14:20:37.279129+00:00 RedHat Importer Affected by VCID-w6p6-u8ku-k3f6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json 38.0.0
2026-04-01T14:17:20.549909+00:00 RedHat Importer Affected by VCID-7vfk-1dwm-xbbt https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10097.json 38.0.0
2026-04-01T14:17:19.535521+00:00 RedHat Importer Affected by VCID-3djp-gq4c-1fa9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json 38.0.0