Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/httpd@2.2.17-15.4.ep5?arch=el5
purl pkg:rpm/redhat/httpd@2.2.17-15.4.ep5?arch=el5
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 9.6
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-53da-z9gn-n7f2
Aliases:
CVE-2012-0021
A flaw was found in mod_log_config. If the '%{cookiename}C' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM. There are no reported fixed by versions.
VCID-5yez-d5nj-q7eq
Aliases:
CVE-2011-3607
An integer overflow flaw was found which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. There are no reported fixed by versions.
VCID-6vze-zk58-7yep
Aliases:
CVE-2011-3348
A flaw was found when mod_proxy_ajp is used together with mod_proxy_balancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service. There are no reported fixed by versions.
VCID-d4rc-pnv5-6uc8
Aliases:
CVE-2012-0053
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified. There are no reported fixed by versions.
VCID-prd8-51a5-pygj
Aliases:
CVE-2011-3368
An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/ There are no reported fixed by versions.
VCID-ym93-sxb8-fkdm
Aliases:
CVE-2012-0031
A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:56:20.864212+00:00 RedHat Importer Affected by VCID-6vze-zk58-7yep https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3348.json 38.0.0
2026-04-01T14:56:18.914540+00:00 RedHat Importer Affected by VCID-prd8-51a5-pygj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3368.json 38.0.0
2026-04-01T14:56:12.996052+00:00 RedHat Importer Affected by VCID-5yez-d5nj-q7eq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3607.json 38.0.0
2026-04-01T14:56:10.176268+00:00 RedHat Importer Affected by VCID-53da-z9gn-n7f2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0021.json 38.0.0
2026-04-01T14:55:59.007573+00:00 RedHat Importer Affected by VCID-ym93-sxb8-fkdm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0031.json 38.0.0
2026-04-01T14:55:57.550322+00:00 RedHat Importer Affected by VCID-d4rc-pnv5-6uc8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0053.json 38.0.0