Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/httpd@2.2.26-54.ep6?arch=el6
purl pkg:rpm/redhat/httpd@2.2.26-54.ep6?arch=el6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-2xc4-7zg9-y7fw
Aliases:
CVE-2016-5387
HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software. There are no reported fixed by versions.
VCID-33f9-ps96-9bfz
Aliases:
CVE-2016-2106
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. There are no reported fixed by versions.
VCID-k4kb-21tp-4kc8
Aliases:
CVE-2015-3183
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use. There are no reported fixed by versions.
VCID-snj8-2smt-3kdv
Aliases:
CVE-2016-3110
GHSA-68qq-3phh-53j7
mod_cluster Denial of Service vulnerability mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. There are no reported fixed by versions.
VCID-vqe4-4q4r-aybe
Aliases:
CVE-2016-2105
Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. There are no reported fixed by versions.
VCID-y2dr-h2d9-xbaa
Aliases:
CVE-2016-4459
mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:40:19.862505+00:00 RedHat Importer Affected by VCID-k4kb-21tp-4kc8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json 38.0.0
2026-04-01T14:36:43.729681+00:00 RedHat Importer Affected by VCID-33f9-ps96-9bfz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2106.json 38.0.0
2026-04-01T14:36:43.325740+00:00 RedHat Importer Affected by VCID-vqe4-4q4r-aybe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2105.json 38.0.0
2026-04-01T14:35:53.527827+00:00 RedHat Importer Affected by VCID-2xc4-7zg9-y7fw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json 38.0.0
2026-04-01T14:35:33.674438+00:00 RedHat Importer Affected by VCID-snj8-2smt-3kdv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3110.json 38.0.0
2026-04-01T14:34:14.053973+00:00 RedHat Importer Affected by VCID-y2dr-h2d9-xbaa https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4459.json 38.0.0