VulnerableCode Package Details - pkg:rpm/redhat/httpd@2.2.15-60.el6

Search for packages

Vulnerability	Summary	Fixed by
VCID-1189-ej89-hybs Aliases: CVE-2017-3169	mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.	There are no reported fixed by versions.
VCID-fyrq-yg2u-jkc7 Aliases: CVE-2017-7679	mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.	There are no reported fixed by versions.
VCID-jt89-ruvk-1kbj Aliases: CVE-2017-9788	The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.	There are no reported fixed by versions.
VCID-qayj-kts9-3fde Aliases: CVE-2017-3167	Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1189-ej89-hybs
Aliases:
CVE-2017-3169

mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.

There are no reported fixed by versions.

VCID-fyrq-yg2u-jkc7
Aliases:
CVE-2017-7679

mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

There are no reported fixed by versions.

VCID-jt89-ruvk-1kbj
Aliases:
CVE-2017-9788

The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.

There are no reported fixed by versions.

VCID-qayj-kts9-3fde
Aliases:
CVE-2017-3167

Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:30:08.116407+00:00	RedHat Importer	Affected by	VCID-fyrq-yg2u-jkc7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json	38.0.0
2026-04-01T14:30:07.634325+00:00	RedHat Importer	Affected by	VCID-1189-ej89-hybs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json	38.0.0
2026-04-01T14:30:07.313615+00:00	RedHat Importer	Affected by	VCID-qayj-kts9-3fde	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json	38.0.0
2026-04-01T14:30:01.111618+00:00	RedHat Importer	Affected by	VCID-jt89-ruvk-1kbj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json	38.0.0