VulnerableCode Package Details - pkg:rpm/redhat/httpd@2.4.53-7.el9

Search for packages

Vulnerability	Summary	Fixed by
VCID-6qk8-1cj1-4fh7 Aliases: CVE-2022-36760	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.	There are no reported fixed by versions.
VCID-fz8c-b8r4-1yb8 Aliases: CVE-2006-20001	A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.	There are no reported fixed by versions.
VCID-htfx-mahy-9kde Aliases: CVE-2022-37436	Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-6qk8-1cj1-4fh7
Aliases:
CVE-2022-36760

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

There are no reported fixed by versions.

VCID-fz8c-b8r4-1yb8
Aliases:
CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

There are no reported fixed by versions.

VCID-htfx-mahy-9kde
Aliases:
CVE-2022-37436

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:55:44.174613+00:00	RedHat Importer	Affected by	VCID-6qk8-1cj1-4fh7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json	38.0.0
2026-04-01T13:55:44.099384+00:00	RedHat Importer	Affected by	VCID-fz8c-b8r4-1yb8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json	38.0.0
2026-04-01T13:55:44.033090+00:00	RedHat Importer	Affected by	VCID-htfx-mahy-9kde	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json	38.0.0