VulnerableCode Package Details - pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39?arch=el8jbcs

Search for packages

Vulnerability	Summary	Fixed by
VCID-edvy-cern-6kcu Aliases: CVE-2023-25690	Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.	There are no reported fixed by versions.
VCID-fz8c-b8r4-1yb8 Aliases: CVE-2006-20001	A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-edvy-cern-6kcu
Aliases:
CVE-2023-25690

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.

There are no reported fixed by versions.

VCID-fz8c-b8r4-1yb8
Aliases:
CVE-2006-20001

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:55:44.063383+00:00	RedHat Importer	Affected by	VCID-fz8c-b8r4-1yb8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json	38.0.0
2026-04-01T13:55:10.145844+00:00	RedHat Importer	Affected by	VCID-edvy-cern-6kcu	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json	38.0.0

2026-04-01T13:55:44.063383+00:00

RedHat Importer

Affected by

VCID-fz8c-b8r4-1yb8

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json

38.0.0

2026-04-01T13:55:10.145844+00:00

RedHat Importer

Affected by

VCID-edvy-cern-6kcu

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json

38.0.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.4