VulnerableCode Package Details - pkg:rpm/redhat/httpd@2.0.52-22?arch=ent

Search for packages

Vulnerability	Summary	Fixed by
VCID-kcwg-hswv-2uf7 Aliases: CVE-2005-3352	A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers.	There are no reported fixed by versions.
VCID-m8uk-byje-dqey Aliases: CVE-2005-2970	A memory leak in the worker MPM would allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low (from moderate) as sucessful exploitation of the race condition would be difficult.	There are no reported fixed by versions.
VCID-qufv-kta7-1feu Aliases: CVE-2005-3357	A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the worker MPM.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-kcwg-hswv-2uf7
Aliases:
CVE-2005-3352

A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers.

There are no reported fixed by versions.

VCID-m8uk-byje-dqey
Aliases:
CVE-2005-2970

A memory leak in the worker MPM would allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low (from moderate) as sucessful exploitation of the race condition would be difficult.

There are no reported fixed by versions.

VCID-qufv-kta7-1feu
Aliases:
CVE-2005-3357

A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the worker MPM.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:00:30.740589+00:00	RedHat Importer	Affected by	VCID-m8uk-byje-dqey	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2970.json	38.0.0
2026-04-01T15:00:28.885303+00:00	RedHat Importer	Affected by	VCID-qufv-kta7-1feu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3357.json	38.0.0
2026-04-01T15:00:28.130410+00:00	RedHat Importer	Affected by	VCID-kcwg-hswv-2uf7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3352.json	38.0.0