Search for packages
| purl | pkg:rpm/redhat/httpd24@2.4.6-59.ep7?arch=el7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1d24-sy5z-jfhh
Aliases: CVE-2013-5704 |
HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior. | There are no reported fixed by versions. |
|
VCID-4mkw-7haq-pkgn
Aliases: CVE-2014-0230 GHSA-pxcx-cxq8-4mmw |
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. | There are no reported fixed by versions. |
|
VCID-fnxp-n271-mfd8
Aliases: CVE-2014-3581 |
A NULL pointer deference was found in mod_cache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. This crash would only be a denial of service if using a threaded MPM. | There are no reported fixed by versions. |
|
VCID-k4kb-21tp-4kc8
Aliases: CVE-2015-3183 |
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use. | There are no reported fixed by versions. |
|
VCID-p6ch-pc73-b3ck
Aliases: CVE-2015-5174 GHSA-6qr6-x7jm-x2q6 |
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:49:44.809893+00:00 | RedHat Importer | Affected by | VCID-1d24-sy5z-jfhh | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5704.json | 38.0.0 |
| 2026-04-01T14:46:46.628877+00:00 | RedHat Importer | Affected by | VCID-4mkw-7haq-pkgn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0230.json | 38.0.0 |
| 2026-04-01T14:46:16.022491+00:00 | RedHat Importer | Affected by | VCID-fnxp-n271-mfd8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3581.json | 38.0.0 |
| 2026-04-01T14:40:20.016982+00:00 | RedHat Importer | Affected by | VCID-k4kb-21tp-4kc8 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json | 38.0.0 |
| 2026-04-01T14:37:48.696647+00:00 | RedHat Importer | Affected by | VCID-p6ch-pc73-b3ck | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5174.json | 38.0.0 |