VulnerableCode Package Details - pkg:rpm/redhat/mod_rt@2.4.1-6.GA.ep6?arch=el6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/mod_rt@2.4.1-6.GA.ep6?arch=el6

Essentials
History (13)

purl	pkg:rpm/redhat/mod_rt@2.4.1-6.GA.ep6?arch=el6

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	10.0

Vulnerabilities affecting this package (13)

Vulnerability	Summary	Fixed by
VCID-11ay-rahr-13az Aliases: CVE-2015-6254	PicketLink: Lack of validation for the Destination attribute in a Response element in a SAML assertion	There are no reported fixed by versions.
VCID-1zk6-7wv2-ukcz Aliases: CVE-2014-0118	A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration.	There are no reported fixed by versions.
VCID-2n2t-jyg7-gbev Aliases: CVE-2014-8111	security update	There are no reported fixed by versions.
VCID-2qzz-yezu-r3gc Aliases: CVE-2014-3586	CLI: Insecure default permissions on history file	There are no reported fixed by versions.
VCID-6cjx-y4ey-e3b6 Aliases: CVE-2015-0226 GHSA-vjwc-5hfh-2vv5	Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.	There are no reported fixed by versions.
VCID-a1by-zvtm-akdc Aliases: CVE-2014-0227 GHSA-42j3-498q-m6vp	java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.	There are no reported fixed by versions.
VCID-cnmd-pk6j-fuae Aliases: CVE-2015-0227 GHSA-6r5v-hp32-fjqw	Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."	There are no reported fixed by versions.
VCID-jf7u-dvpd-b7f4 Aliases: CVE-2014-0119 GHSA-prc3-7f44-w48j	Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.	There are no reported fixed by versions.
VCID-khnh-k119-c7es Aliases: CVE-2015-0277	PicketLink: SP does not take Audience condition of a SAML assertion into account	There are no reported fixed by versions.
VCID-kpew-rarv-83dg Aliases: CVE-2014-0231	A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service.	There are no reported fixed by versions.
VCID-q5jj-g31c-afgz Aliases: CVE-2015-0298	mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages	There are no reported fixed by versions.
VCID-tbud-pwyt-aye9 Aliases: CVE-2014-0226	A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.	There are no reported fixed by versions.
VCID-w82a-7kk2-p3f1 Aliases: CVE-2013-4590 GHSA-87w9-x2c3-hrjj	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:48:39.238071+00:00	RedHat Importer	Affected by	VCID-w82a-7kk2-p3f1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4590.json	38.0.0
2026-04-01T14:47:50.205264+00:00	RedHat Importer	Affected by	VCID-jf7u-dvpd-b7f4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0119.json	38.0.0
2026-04-01T14:47:10.368592+00:00	RedHat Importer	Affected by	VCID-tbud-pwyt-aye9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0226.json	38.0.0
2026-04-01T14:47:02.674105+00:00	RedHat Importer	Affected by	VCID-1zk6-7wv2-ukcz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0118.json	38.0.0
2026-04-01T14:46:55.461993+00:00	RedHat Importer	Affected by	VCID-kpew-rarv-83dg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0231.json	38.0.0
2026-04-01T14:44:10.652317+00:00	RedHat Importer	Affected by	VCID-a1by-zvtm-akdc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0227.json	38.0.0
2026-04-01T14:44:02.849650+00:00	RedHat Importer	Affected by	VCID-cnmd-pk6j-fuae	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json	38.0.0
2026-04-01T14:43:51.203608+00:00	RedHat Importer	Affected by	VCID-6cjx-y4ey-e3b6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json	38.0.0
2026-04-01T14:42:48.280732+00:00	RedHat Importer	Affected by	VCID-2qzz-yezu-r3gc	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3586.json	38.0.0
2026-04-01T14:42:07.913993+00:00	RedHat Importer	Affected by	VCID-11ay-rahr-13az	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6254.json	38.0.0
2026-04-01T14:41:53.238086+00:00	RedHat Importer	Affected by	VCID-khnh-k119-c7es	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0277.json	38.0.0
2026-04-01T14:41:44.231794+00:00	RedHat Importer	Affected by	VCID-2n2t-jyg7-gbev	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8111.json	38.0.0
2026-04-01T14:41:18.369147+00:00	RedHat Importer	Affected by	VCID-q5jj-g31c-afgz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0298.json	38.0.0