Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/httpd24-httpd@2.4.6-18?arch=el6
purl pkg:rpm/redhat/httpd24-httpd@2.4.6-18?arch=el6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-1zk6-7wv2-ukcz
Aliases:
CVE-2014-0118
A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration. There are no reported fixed by versions.
VCID-5crp-xumw-v7gb
Aliases:
CVE-2013-4352
A NULL pointer dereference was found in mod_cache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. (Note that this vulnerability was fixed in the 2.4.7 release, but the security impact was not disclosed at the time of the release.) There are no reported fixed by versions.
VCID-kpew-rarv-83dg
Aliases:
CVE-2014-0231
A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service. There are no reported fixed by versions.
VCID-m9fd-9pya-xucw
Aliases:
CVE-2014-0117
A flaw was found in mod_proxy in httpd versions 2.4.6 to 2.4.9. A remote attacker could send a carefully crafted request to a server configured as a reverse proxy, and cause the child process to crash. This could lead to a denial of service against a threaded MPM. There are no reported fixed by versions.
VCID-tbud-pwyt-aye9
Aliases:
CVE-2014-0226
A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:47:14.953606+00:00 RedHat Importer Affected by VCID-5crp-xumw-v7gb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4352.json 38.0.0
2026-04-01T14:47:12.061343+00:00 RedHat Importer Affected by VCID-tbud-pwyt-aye9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0226.json 38.0.0
2026-04-01T14:47:04.260514+00:00 RedHat Importer Affected by VCID-1zk6-7wv2-ukcz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0118.json 38.0.0
2026-04-01T14:46:59.421329+00:00 RedHat Importer Affected by VCID-m9fd-9pya-xucw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0117.json 38.0.0
2026-04-01T14:46:56.867402+00:00 RedHat Importer Affected by VCID-kpew-rarv-83dg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0231.json 38.0.0