Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-28?arch=el7jbcs
purl pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-28?arch=el7jbcs
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-cqjv-6m9n-mfeq
Aliases:
CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). There are no reported fixed by versions.
VCID-db6k-j9mj-e7hy
Aliases:
CVE-2021-33193
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. There are no reported fixed by versions.
VCID-hj5r-jms3-x3fe
Aliases:
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project. There are no reported fixed by versions.
VCID-rdtq-8ng5-53fn
Aliases:
CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). There are no reported fixed by versions.
VCID-wrw6-uzz4-rkfb
Aliases:
CVE-2021-39275
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:01:41.608074+00:00 RedHat Importer Affected by VCID-db6k-j9mj-e7hy https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json 38.0.0
2026-04-01T14:01:23.822912+00:00 RedHat Importer Affected by VCID-rdtq-8ng5-53fn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json 38.0.0
2026-04-01T14:01:23.757133+00:00 RedHat Importer Affected by VCID-wrw6-uzz4-rkfb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json 38.0.0
2026-04-01T14:01:17.235993+00:00 RedHat Importer Affected by VCID-hj5r-jms3-x3fe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json 38.0.0
2026-04-01T14:00:39.098279+00:00 RedHat Importer Affected by VCID-cqjv-6m9n-mfeq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json 38.0.0