VulnerableCode Package Details - pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-122.jbcs?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-3wuk-hwg1-6fa6 Aliases: CVE-2015-3185	A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.	There are no reported fixed by versions.
VCID-jt89-ruvk-1kbj Aliases: CVE-2017-9788	The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.	There are no reported fixed by versions.
VCID-x54g-mhs4-mug4 Aliases: CVE-2016-2183	Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, the worst of which may allow execution of arbitrary code	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3wuk-hwg1-6fa6
Aliases:
CVE-2015-3185

A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.

There are no reported fixed by versions.

VCID-jt89-ruvk-1kbj
Aliases:
CVE-2017-9788

The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.

There are no reported fixed by versions.

VCID-x54g-mhs4-mug4
Aliases:
CVE-2016-2183

Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites, the worst of which may allow execution of arbitrary code

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:40:20.840001+00:00	RedHat Importer	Affected by	VCID-3wuk-hwg1-6fa6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json	38.0.0
2026-04-01T14:35:32.108448+00:00	RedHat Importer	Affected by	VCID-x54g-mhs4-mug4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2183.json	38.0.0
2026-04-01T14:30:00.962933+00:00	RedHat Importer	Affected by	VCID-jt89-ruvk-1kbj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json	38.0.0