Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-68.GA.jbcs?arch=el7
purl pkg:rpm/redhat/jbcs-httpd24-mod_security@2.9.2-68.GA.jbcs?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-9hqf-12yh-bkc8
Aliases:
CVE-2021-3518
GHSA-v4f8-2847-rwm7
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition. There are no reported fixed by versions.
VCID-cbm2-cez4-bqgh
Aliases:
CVE-2022-23308
Use After Free `valid.c` in libxml2 before 2.9.13 has a use-after-free of `ID` and `IDREF` attributes. There are no reported fixed by versions.
VCID-ek5d-m9pn-3fec
Aliases:
CVE-2021-3517
GHSA-jw9f-hh49-cvp9
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition. There are no reported fixed by versions.
VCID-gsbn-6t86-7kf9
Aliases:
CVE-2022-0778
GHSA-x3mh-jvjw-3xwx
Loop with Unreachable Exit Condition ('Infinite Loop') The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters There are no reported fixed by versions.
VCID-k4nk-qqxg-s7e6
Aliases:
CVE-2022-22720
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling There are no reported fixed by versions.
VCID-rsvx-3f49-v3an
Aliases:
CVE-2021-3541
Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion) A flaw was found in libxml2. By exploiting an exponential entity expansion attack its possible bypassing all existing protection mechanisms and lead to a denial of service. There are no reported fixed by versions.
VCID-vf7b-s3y3-sfhw
Aliases:
CVE-2021-3537
GHSA-286v-pcf5-25rc
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition. There are no reported fixed by versions.
VCID-xps8-1a3r-wke6
Aliases:
CVE-2021-3516
Multiple vulnerabilities have been found in libxml2, the worst of which could result in a Denial of Service condition. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:02:26.908654+00:00 RedHat Importer Affected by VCID-xps8-1a3r-wke6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json 38.0.0
2026-04-01T14:02:25.228926+00:00 RedHat Importer Affected by VCID-9hqf-12yh-bkc8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json 38.0.0
2026-04-01T14:02:24.754339+00:00 RedHat Importer Affected by VCID-ek5d-m9pn-3fec https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json 38.0.0
2026-04-01T14:02:22.166610+00:00 RedHat Importer Affected by VCID-vf7b-s3y3-sfhw https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json 38.0.0
2026-04-01T14:02:17.841916+00:00 RedHat Importer Affected by VCID-rsvx-3f49-v3an https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json 38.0.0
2026-04-01T13:59:32.149806+00:00 RedHat Importer Affected by VCID-cbm2-cez4-bqgh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json 38.0.0
2026-04-01T13:59:14.436562+00:00 RedHat Importer Affected by VCID-k4nk-qqxg-s7e6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22720.json 38.0.0
2026-04-01T13:59:11.376511+00:00 RedHat Importer Affected by VCID-gsbn-6t86-7kf9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json 38.0.0