VulnerableCode Package Details - pkg:apache/httpd@2.0.65

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-29gg-v4hb-aaak	The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.	CVE-2011-3192
VCID-cxt1-n6br-aaaf	protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.	CVE-2012-0053
VCID-gjk7-z8g3-aaaq	Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.	CVE-2011-3607
VCID-hvbx-3ykq-aaan	mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.	CVE-2013-1862
VCID-w5ba-fmfs-aaam	Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.	CVE-2011-0419
VCID-wyfa-5v5x-aaam	The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.	CVE-2011-3368
VCID-y8n2-ru9b-aaac	scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.	CVE-2012-0031

Vulnerability

Summary

Aliases

VCID-29gg-v4hb-aaak

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

CVE-2011-3192

VCID-cxt1-n6br-aaaf

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

CVE-2012-0053

VCID-gjk7-z8g3-aaaq

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

CVE-2011-3607

VCID-hvbx-3ykq-aaan

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

CVE-2013-1862

VCID-w5ba-fmfs-aaam

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.

CVE-2011-0419

VCID-wyfa-5v5x-aaam

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

CVE-2011-3368

VCID-y8n2-ru9b-aaac

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

CVE-2012-0031

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T12:34:46.679201+00:00	Apache HTTPD Importer	Fixing	VCID-hvbx-3ykq-aaan	https://httpd.apache.org/security/json/CVE-2013-1862.json	36.0.0
2025-03-28T12:34:45.147161+00:00	Apache HTTPD Importer	Fixing	VCID-cxt1-n6br-aaaf	https://httpd.apache.org/security/json/CVE-2012-0053.json	36.0.0
2025-03-28T12:34:44.708334+00:00	Apache HTTPD Importer	Fixing	VCID-y8n2-ru9b-aaac	https://httpd.apache.org/security/json/CVE-2012-0031.json	36.0.0
2025-03-28T12:34:44.115164+00:00	Apache HTTPD Importer	Fixing	VCID-gjk7-z8g3-aaaq	https://httpd.apache.org/security/json/CVE-2011-3607.json	36.0.0
2025-03-28T12:34:43.564885+00:00	Apache HTTPD Importer	Fixing	VCID-wyfa-5v5x-aaam	https://httpd.apache.org/security/json/CVE-2011-3368.json	36.0.0
2025-03-28T12:34:42.938071+00:00	Apache HTTPD Importer	Fixing	VCID-29gg-v4hb-aaak	https://httpd.apache.org/security/json/CVE-2011-3192.json	36.0.0
2025-03-28T12:34:42.522741+00:00	Apache HTTPD Importer	Fixing	VCID-w5ba-fmfs-aaam	https://httpd.apache.org/security/json/CVE-2011-0419.json	36.0.0
2024-11-18T22:52:45.290896+00:00	Apache HTTPD Importer	Fixing	VCID-hvbx-3ykq-aaan	https://httpd.apache.org/security/json/CVE-2013-1862.json	34.3.2
2024-11-18T22:52:42.167248+00:00	Apache HTTPD Importer	Fixing	VCID-cxt1-n6br-aaaf	https://httpd.apache.org/security/json/CVE-2012-0053.json	34.3.2
2024-11-18T22:52:41.480048+00:00	Apache HTTPD Importer	Fixing	VCID-y8n2-ru9b-aaac	https://httpd.apache.org/security/json/CVE-2012-0031.json	34.3.2
2024-11-18T22:52:40.366822+00:00	Apache HTTPD Importer	Fixing	VCID-gjk7-z8g3-aaaq	https://httpd.apache.org/security/json/CVE-2011-3607.json	34.3.2
2024-11-18T22:52:39.580343+00:00	Apache HTTPD Importer	Fixing	VCID-wyfa-5v5x-aaam	https://httpd.apache.org/security/json/CVE-2011-3368.json	34.3.2
2024-11-18T22:52:38.557579+00:00	Apache HTTPD Importer	Fixing	VCID-29gg-v4hb-aaak	https://httpd.apache.org/security/json/CVE-2011-3192.json	34.3.2
2024-11-18T22:52:37.890416+00:00	Apache HTTPD Importer	Fixing	VCID-w5ba-fmfs-aaam	https://httpd.apache.org/security/json/CVE-2011-0419.json	34.3.2
2024-01-04T01:33:33.605430+00:00	Apache HTTPD Importer	Fixing	VCID-hvbx-3ykq-aaan	https://httpd.apache.org/security/json/CVE-2013-1862.json	34.0.0rc1
2024-01-04T01:33:32.112786+00:00	Apache HTTPD Importer	Fixing	VCID-cxt1-n6br-aaaf	https://httpd.apache.org/security/json/CVE-2012-0053.json	34.0.0rc1
2024-01-04T01:33:31.692808+00:00	Apache HTTPD Importer	Fixing	VCID-y8n2-ru9b-aaac	https://httpd.apache.org/security/json/CVE-2012-0031.json	34.0.0rc1
2024-01-04T01:33:31.105612+00:00	Apache HTTPD Importer	Fixing	VCID-gjk7-z8g3-aaaq	https://httpd.apache.org/security/json/CVE-2011-3607.json	34.0.0rc1
2024-01-04T01:33:30.576788+00:00	Apache HTTPD Importer	Fixing	VCID-wyfa-5v5x-aaam	https://httpd.apache.org/security/json/CVE-2011-3368.json	34.0.0rc1
2024-01-04T01:33:29.964311+00:00	Apache HTTPD Importer	Fixing	VCID-29gg-v4hb-aaak	https://httpd.apache.org/security/json/CVE-2011-3192.json	34.0.0rc1
2024-01-04T01:33:29.559899+00:00	Apache HTTPD Importer	Fixing	VCID-w5ba-fmfs-aaam	https://httpd.apache.org/security/json/CVE-2011-0419.json	34.0.0rc1