VulnerableCode Package Details - pkg:rpm/redhat/httpd@2.0.46-73?arch=ent

Search for packages

Vulnerability	Summary	Fixed by
VCID-3kyb-4yvt-f7e1 Aliases: CVE-2009-1955	A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.	There are no reported fixed by versions.
VCID-7ftk-sajb-akh4 Aliases: CVE-2009-0023	A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.	There are no reported fixed by versions.
VCID-pj4f-awuq-73g6 Aliases: CVE-2009-1956	An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3kyb-4yvt-f7e1
Aliases:
CVE-2009-1955

A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.

There are no reported fixed by versions.

VCID-7ftk-sajb-akh4
Aliases:
CVE-2009-0023

A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.

There are no reported fixed by versions.

VCID-pj4f-awuq-73g6
Aliases:
CVE-2009-1956

An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:58:19.096772+00:00	RedHat Importer	Affected by	VCID-pj4f-awuq-73g6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1956.json	38.0.0
2026-04-01T14:58:16.596718+00:00	RedHat Importer	Affected by	VCID-3kyb-4yvt-f7e1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1955.json	38.0.0
2026-04-01T14:58:14.685884+00:00	RedHat Importer	Affected by	VCID-7ftk-sajb-akh4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0023.json	38.0.0