Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jbcs-httpd24-mod_md@1:2.4.24-11?arch=el8jbcs
purl pkg:rpm/redhat/jbcs-httpd24-mod_md@1:2.4.24-11?arch=el8jbcs
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-6tgh-b4td-63f5
Aliases:
CVE-2024-39573
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. There are no reported fixed by versions.
VCID-8edq-8rvq-rkf1
Aliases:
CVE-2024-38475
There are no reported fixed by versions.
VCID-8nw9-zpxn-ckab
Aliases:
CVE-2024-38476
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue. There are no reported fixed by versions.
VCID-ej7y-7na3-5qby
Aliases:
CVE-2024-38474
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. There are no reported fixed by versions.
VCID-ftjw-9fb6-d3cw
Aliases:
CVE-2024-38473
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue. There are no reported fixed by versions.
VCID-pjxs-hnjr-duey
Aliases:
CVE-2024-38477
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:46:34.539417+00:00 RedHat Importer Affected by VCID-6tgh-b4td-63f5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json 38.0.0
2026-04-01T13:46:34.274412+00:00 RedHat Importer Affected by VCID-pjxs-hnjr-duey https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json 38.0.0
2026-04-01T13:46:33.763690+00:00 RedHat Importer Affected by VCID-8nw9-zpxn-ckab https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json 38.0.0
2026-04-01T13:46:33.296095+00:00 RedHat Importer Affected by VCID-8edq-8rvq-rkf1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json 38.0.0
2026-04-01T13:46:32.818566+00:00 RedHat Importer Affected by VCID-ej7y-7na3-5qby https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json 38.0.0
2026-04-01T13:46:32.318447+00:00 RedHat Importer Affected by VCID-ftjw-9fb6-d3cw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json 38.0.0