Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs?arch=el7
purl pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-16.GA.jbcs?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 8.6
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-4sss-a8ne-kqbc
Aliases:
CVE-2019-0197
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the "H2Upgrade on" is unaffected by this. There are no reported fixed by versions.
VCID-6vxq-uxxw-ybeh
Aliases:
CVE-2019-0196
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly. There are no reported fixed by versions.
VCID-7u2r-egf2-vfhx
Aliases:
CVE-2018-17189
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. There are no reported fixed by versions.
VCID-7ygr-6dqp-m3hh
Aliases:
CVE-2018-0734
security update There are no reported fixed by versions.
VCID-9hzg-r1fj-pubf
Aliases:
CVE-2019-9513
Excessive CPU usage in HTTP/2 with priority changes There are no reported fixed by versions.
VCID-ct26-19cq-8kd7
Aliases:
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. There are no reported fixed by versions.
VCID-dmv4-ydq9-a7eq
Aliases:
CVE-2019-9511
Excessive CPU usage in HTTP/2 with small window updates There are no reported fixed by versions.
VCID-h7td-61b7-q7aw
Aliases:
CVE-2018-0737
Multiple vulnerabilities have been found in OpenSSL, the worst of which may lead to a Denial of Service condition. There are no reported fixed by versions.
VCID-kcsp-h1s5-wbea
Aliases:
CVE-2019-9516
Excessive memory usage in HTTP/2 with zero length headers There are no reported fixed by versions.
VCID-w6p6-u8ku-k3f6
Aliases:
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. There are no reported fixed by versions.
VCID-y3k1-c4rn-xbc2
Aliases:
CVE-2019-9517
A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. There are no reported fixed by versions.
VCID-z3fb-nqcp-g3fq
Aliases:
CVE-2018-5407
Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:25:24.935388+00:00 RedHat Importer Affected by VCID-h7td-61b7-q7aw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0737.json 38.0.0
2026-04-01T14:22:01.369162+00:00 RedHat Importer Affected by VCID-7ygr-6dqp-m3hh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0734.json 38.0.0
2026-04-01T14:21:45.141605+00:00 RedHat Importer Affected by VCID-z3fb-nqcp-g3fq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5407.json 38.0.0
2026-04-01T14:21:04.709556+00:00 RedHat Importer Affected by VCID-7u2r-egf2-vfhx https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json 38.0.0
2026-04-01T14:21:04.144471+00:00 RedHat Importer Affected by VCID-ct26-19cq-8kd7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json 38.0.0
2026-04-01T14:20:59.805337+00:00 RedHat Importer Affected by VCID-4sss-a8ne-kqbc https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json 38.0.0
2026-04-01T14:20:37.653810+00:00 RedHat Importer Affected by VCID-6vxq-uxxw-ybeh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json 38.0.0
2026-04-01T14:20:36.939339+00:00 RedHat Importer Affected by VCID-w6p6-u8ku-k3f6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json 38.0.0
2026-04-01T14:17:52.570705+00:00 RedHat Importer Affected by VCID-y3k1-c4rn-xbc2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json 38.0.0
2026-04-01T14:17:51.425597+00:00 RedHat Importer Affected by VCID-kcsp-h1s5-wbea https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json 38.0.0
2026-04-01T14:17:48.784141+00:00 RedHat Importer Affected by VCID-dmv4-ydq9-a7eq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json 38.0.0
2026-04-01T14:17:30.628969+00:00 RedHat Importer Affected by VCID-9hzg-r1fj-pubf https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json 38.0.0