VulnerableCode Package Details - pkg:rpm/redhat/httpd@2.4.6-95?arch=el7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/httpd@2.4.6-95?arch=el7

Essentials
History (6)

purl	pkg:rpm/redhat/httpd@2.4.6-95?arch=el7

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-5xrt-1n1q-4bey Aliases: CVE-2020-1927	In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.	There are no reported fixed by versions.
VCID-9qdr-1v39-d7b7 Aliases: CVE-2018-1283	When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because "SessionEnv on" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.	There are no reported fixed by versions.
VCID-auhk-ppv5-buaa Aliases: CVE-2020-1934	in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.	There are no reported fixed by versions.
VCID-h6kk-81jx-h7b8 Aliases: CVE-2019-10098	Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.	There are no reported fixed by versions.
VCID-q5wm-suxb-jfeb Aliases: CVE-2017-15715	The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.	There are no reported fixed by versions.
VCID-scf1-zmu7-e3b2 Aliases: CVE-2018-1303	A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:25:44.457958+00:00	RedHat Importer	Affected by	VCID-scf1-zmu7-e3b2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json	38.0.0
2026-04-01T14:25:44.205882+00:00	RedHat Importer	Affected by	VCID-9qdr-1v39-d7b7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json	38.0.0
2026-04-01T14:25:41.013099+00:00	RedHat Importer	Affected by	VCID-q5wm-suxb-jfeb	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json	38.0.0
2026-04-01T14:17:19.845654+00:00	RedHat Importer	Affected by	VCID-h6kk-81jx-h7b8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json	38.0.0
2026-04-01T14:09:25.208673+00:00	RedHat Importer	Affected by	VCID-auhk-ppv5-buaa	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json	38.0.0
2026-04-01T14:09:24.861958+00:00	RedHat Importer	Affected by	VCID-5xrt-1n1q-4bey	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json	38.0.0