VulnerableCode Package Details - pkg:apache/httpd@1.3.39

Search for packages

Package details: pkg:apache/httpd@1.3.39

Essentials
History (18)

purl	pkg:apache/httpd@1.3.39

Next non-vulnerable version	2.0.1
Latest non-vulnerable version	2.4.54
Risk	10.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-ftdm-put6-aaaf Aliases: CVE-2007-5000	Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	1.3.41 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.1 Affected by 0 other vulnerabilities. 2.0.38 Affected by 0 other vulnerabilities. 2.0.41 Affected by 0 other vulnerabilities. 2.0.56 Affected by 0 other vulnerabilities. 2.0.60 Affected by 0 other vulnerabilities. 2.0.62 Affected by 0 other vulnerabilities. 2.0.63 Affected by 19 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.1 Affected by 0 other vulnerabilities. 2.2.7 Affected by 0 other vulnerabilities. 2.2.8 Affected by 49 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kjcr-z95a-aaae Aliases: CVE-2007-6388	Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	1.3.41 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.1 Affected by 0 other vulnerabilities. 2.0.38 Affected by 0 other vulnerabilities. 2.0.41 Affected by 0 other vulnerabilities. 2.0.56 Affected by 0 other vulnerabilities. 2.0.60 Affected by 0 other vulnerabilities. 2.0.62 Affected by 0 other vulnerabilities. 2.0.63 Affected by 19 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.1 Affected by 0 other vulnerabilities. 2.2.7 Affected by 0 other vulnerabilities. 2.2.8 Affected by 49 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ncrq-j3f7-aaag Aliases: CVE-2010-0010	CVE-2010-0010 rhn-apache: buffer overflow via integer overflow vulnerability on 64bit platforms	1.3.42 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.0.1 Affected by 0 other vulnerabilities.
VCID-wyfa-5v5x-aaam Aliases: CVE-2011-3368	The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.	2.0.1 Affected by 0 other vulnerabilities. 2.0.38 Affected by 0 other vulnerabilities. 2.0.41 Affected by 0 other vulnerabilities. 2.0.56 Affected by 0 other vulnerabilities. 2.0.60 Affected by 0 other vulnerabilities. 2.0.62 Affected by 0 other vulnerabilities. 2.0.65 Affected by 0 other vulnerabilities. 2.2.1 Affected by 0 other vulnerabilities. 2.2.7 Affected by 0 other vulnerabilities. 2.2.22 Affected by 21 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-44gh-afxy-aaad	Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."	CVE-2007-3304
VCID-nm2g-nz56-aaas	Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.	CVE-2006-5752

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T12:34:43.332728+00:00	Apache HTTPD Importer	Affected by	VCID-wyfa-5v5x-aaam	https://httpd.apache.org/security/json/CVE-2011-3368.json	36.0.0
2025-03-28T12:34:40.663913+00:00	Apache HTTPD Importer	Affected by	VCID-ncrq-j3f7-aaag	https://httpd.apache.org/security/json/CVE-2010-0010.json	36.0.0
2025-03-28T12:34:36.207310+00:00	Apache HTTPD Importer	Affected by	VCID-kjcr-z95a-aaae	https://httpd.apache.org/security/json/CVE-2007-6388.json	36.0.0
2025-03-28T12:34:35.437726+00:00	Apache HTTPD Importer	Affected by	VCID-ftdm-put6-aaaf	https://httpd.apache.org/security/json/CVE-2007-5000.json	36.0.0
2025-03-28T12:34:34.577405+00:00	Apache HTTPD Importer	Fixing	VCID-44gh-afxy-aaad	https://httpd.apache.org/security/json/CVE-2007-3304.json	36.0.0
2025-03-28T12:34:33.603016+00:00	Apache HTTPD Importer	Fixing	VCID-nm2g-nz56-aaas	https://httpd.apache.org/security/json/CVE-2006-5752.json	36.0.0
2024-11-18T22:52:39.354231+00:00	Apache HTTPD Importer	Affected by	VCID-wyfa-5v5x-aaam	https://httpd.apache.org/security/json/CVE-2011-3368.json	34.3.2
2024-11-18T22:52:34.477575+00:00	Apache HTTPD Importer	Affected by	VCID-ncrq-j3f7-aaag	https://httpd.apache.org/security/json/CVE-2010-0010.json	34.3.2
2024-11-18T22:52:25.844598+00:00	Apache HTTPD Importer	Affected by	VCID-kjcr-z95a-aaae	https://httpd.apache.org/security/json/CVE-2007-6388.json	34.3.2
2024-11-18T22:52:24.687884+00:00	Apache HTTPD Importer	Affected by	VCID-ftdm-put6-aaaf	https://httpd.apache.org/security/json/CVE-2007-5000.json	34.3.2
2024-11-18T22:52:23.133839+00:00	Apache HTTPD Importer	Fixing	VCID-44gh-afxy-aaad	https://httpd.apache.org/security/json/CVE-2007-3304.json	34.3.2
2024-09-18T07:21:09.894053+00:00	Apache HTTPD Importer	Fixing	VCID-nm2g-nz56-aaas	https://httpd.apache.org/security/json/CVE-2006-5752.json	34.0.1
2024-01-04T01:33:30.352584+00:00	Apache HTTPD Importer	Affected by	VCID-wyfa-5v5x-aaam	https://httpd.apache.org/security/json/CVE-2011-3368.json	34.0.0rc1
2024-01-04T01:33:27.773504+00:00	Apache HTTPD Importer	Affected by	VCID-ncrq-j3f7-aaag	https://httpd.apache.org/security/json/CVE-2010-0010.json	34.0.0rc1
2024-01-04T01:33:23.477921+00:00	Apache HTTPD Importer	Affected by	VCID-kjcr-z95a-aaae	https://httpd.apache.org/security/json/CVE-2007-6388.json	34.0.0rc1
2024-01-04T01:33:22.752263+00:00	Apache HTTPD Importer	Affected by	VCID-ftdm-put6-aaaf	https://httpd.apache.org/security/json/CVE-2007-5000.json	34.0.0rc1
2024-01-04T01:33:21.925996+00:00	Apache HTTPD Importer	Fixing	VCID-44gh-afxy-aaad	https://httpd.apache.org/security/json/CVE-2007-3304.json	34.0.0rc1
2024-01-04T01:33:20.992385+00:00	Apache HTTPD Importer	Fixing	VCID-nm2g-nz56-aaas	https://httpd.apache.org/security/json/CVE-2006-5752.json	34.0.0rc1