VulnerableCode Package Details - pkg:alpm/archlinux/apache@2.4.39-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9h4d-g4xk-aaas	A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.	CVE-2019-0196
VCID-cph8-x6eu-aaae	In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.	CVE-2019-0215
VCID-cwwm-tz2r-aaan	A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.	CVE-2019-0220
VCID-gzvw-kw4v-aaae	In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.	CVE-2019-0211
VCID-h5x7-bugb-aaab	In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.	CVE-2019-0217
VCID-vtj3-6vp1-aaap	A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.	CVE-2019-0197

Vulnerability

Summary

Aliases

VCID-9h4d-g4xk-aaas

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.

CVE-2019-0196

VCID-cph8-x6eu-aaae

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.

CVE-2019-0215

VCID-cwwm-tz2r-aaan

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

CVE-2019-0220

VCID-gzvw-kw4v-aaae

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

CVE-2019-0211

VCID-h5x7-bugb-aaab

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

CVE-2019-0217

VCID-vtj3-6vp1-aaap

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.

CVE-2019-0197

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:27.462610+00:00	Arch Linux Importer	Fixing	VCID-9h4d-g4xk-aaas	https://security.archlinux.org/AVG-946	36.0.0
2025-03-28T07:44:27.426073+00:00	Arch Linux Importer	Fixing	VCID-vtj3-6vp1-aaap	https://security.archlinux.org/AVG-946	36.0.0
2025-03-28T07:44:27.389901+00:00	Arch Linux Importer	Fixing	VCID-gzvw-kw4v-aaae	https://security.archlinux.org/AVG-946	36.0.0
2025-03-28T07:44:27.367914+00:00	Arch Linux Importer	Fixing	VCID-cph8-x6eu-aaae	https://security.archlinux.org/AVG-946	36.0.0
2025-03-28T07:44:27.346172+00:00	Arch Linux Importer	Fixing	VCID-h5x7-bugb-aaab	https://security.archlinux.org/AVG-946	36.0.0
2025-03-28T07:44:27.324406+00:00	Arch Linux Importer	Fixing	VCID-cwwm-tz2r-aaan	https://security.archlinux.org/AVG-946	36.0.0
2024-09-18T01:59:32.272130+00:00	Arch Linux Importer	Fixing	VCID-9h4d-g4xk-aaas	https://security.archlinux.org/AVG-946	34.0.1
2024-09-18T01:59:32.244504+00:00	Arch Linux Importer	Fixing	VCID-vtj3-6vp1-aaap	https://security.archlinux.org/AVG-946	34.0.1
2024-09-18T01:59:32.216197+00:00	Arch Linux Importer	Fixing	VCID-gzvw-kw4v-aaae	https://security.archlinux.org/AVG-946	34.0.1
2024-09-18T01:59:32.188255+00:00	Arch Linux Importer	Fixing	VCID-cph8-x6eu-aaae	https://security.archlinux.org/AVG-946	34.0.1
2024-09-18T01:59:32.161017+00:00	Arch Linux Importer	Fixing	VCID-h5x7-bugb-aaab	https://security.archlinux.org/AVG-946	34.0.1
2024-09-18T01:59:32.133536+00:00	Arch Linux Importer	Fixing	VCID-cwwm-tz2r-aaan	https://security.archlinux.org/AVG-946	34.0.1
2024-04-23T19:47:31.073819+00:00	Arch Linux Importer	Fixing	VCID-9h4d-g4xk-aaas	https://security.archlinux.org/AVG-946	34.0.0rc4
2024-04-23T19:47:31.051379+00:00	Arch Linux Importer	Fixing	VCID-vtj3-6vp1-aaap	https://security.archlinux.org/AVG-946	34.0.0rc4
2024-04-23T19:47:31.028985+00:00	Arch Linux Importer	Fixing	VCID-gzvw-kw4v-aaae	https://security.archlinux.org/AVG-946	34.0.0rc4
2024-04-23T19:47:31.006995+00:00	Arch Linux Importer	Fixing	VCID-cph8-x6eu-aaae	https://security.archlinux.org/AVG-946	34.0.0rc4
2024-04-23T19:47:30.984808+00:00	Arch Linux Importer	Fixing	VCID-h5x7-bugb-aaab	https://security.archlinux.org/AVG-946	34.0.0rc4
2024-04-23T19:47:30.962008+00:00	Arch Linux Importer	Fixing	VCID-cwwm-tz2r-aaan	https://security.archlinux.org/AVG-946	34.0.0rc4
2024-01-03T22:25:48.682126+00:00	Arch Linux Importer	Fixing	VCID-9h4d-g4xk-aaas	https://security.archlinux.org/AVG-946	34.0.0rc1
2024-01-03T22:25:48.655890+00:00	Arch Linux Importer	Fixing	VCID-vtj3-6vp1-aaap	https://security.archlinux.org/AVG-946	34.0.0rc1
2024-01-03T22:25:48.631931+00:00	Arch Linux Importer	Fixing	VCID-gzvw-kw4v-aaae	https://security.archlinux.org/AVG-946	34.0.0rc1
2024-01-03T22:25:48.610184+00:00	Arch Linux Importer	Fixing	VCID-cph8-x6eu-aaae	https://security.archlinux.org/AVG-946	34.0.0rc1
2024-01-03T22:25:48.588587+00:00	Arch Linux Importer	Fixing	VCID-h5x7-bugb-aaab	https://security.archlinux.org/AVG-946	34.0.0rc1
2024-01-03T22:25:48.566666+00:00	Arch Linux Importer	Fixing	VCID-cwwm-tz2r-aaan	https://security.archlinux.org/AVG-946	34.0.0rc1

2025-03-28T07:44:27.462610+00:00

Arch Linux Importer

Fixing