Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037784?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "type": "deb", "namespace": "debian", "name": "apache2", "version": "2.4.38-3+deb10u8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.66-1~deb12u1", "latest_non_vulnerable_version": "2.4.66-1~deb12u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3813?format=api", "vulnerability_id": "VCID-17hy-4ppt-xyhw", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97325", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97347", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97332", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97336", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97343", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732", "reference_id": "1966732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26691.json", "reference_id": "CVE-2021-26691", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26691.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-26691" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3869?format=api", "vulnerability_id": "VCID-2d8p-bbc1-hkfa", "summary": "Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd=\"...\" directives.\n\nThis issue affects Apache HTTP Server before 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58098.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.07398", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08736", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08771", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08772", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.0875", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08669", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08745", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926", "reference_id": "1121926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419365", "reference_id": "2419365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419365" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-58098.json", "reference_id": "CVE-2025-58098", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-58098.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23732", "reference_id": "RHSA-2025:23732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23919", "reference_id": "RHSA-2025:23919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23932", "reference_id": "RHSA-2025:23932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0009", "reference_id": "RHSA-2026:0009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0010", "reference_id": "RHSA-2026:0010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0011", "reference_id": "RHSA-2026:0011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0012", "reference_id": "RHSA-2026:0012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0074", "reference_id": "RHSA-2026:0074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0074" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0075", "reference_id": "RHSA-2026:0075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0090", "reference_id": "RHSA-2026:0090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0095", "reference_id": "RHSA-2026:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0139", "reference_id": "RHSA-2026:0139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0141", "reference_id": "RHSA-2026:0141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0171", "reference_id": "RHSA-2026:0171", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0171" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2994", "reference_id": "RHSA-2026:2994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2995", "reference_id": "RHSA-2026:2995", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2995" }, { "reference_url": "https://usn.ubuntu.com/7968-1/", "reference_id": "USN-7968-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7968-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2025-58098" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2d8p-bbc1-hkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3847?format=api", "vulnerability_id": "VCID-2e6w-fs4j-17g9", "summary": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89409", "scoring_system": "epss", "scoring_elements": "0.99546", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.89409", "scoring_system": "epss", "scoring_elements": "0.99542", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.89409", "scoring_system": "epss", "scoring_elements": "0.99543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.89409", "scoring_system": "epss", "scoring_elements": "0.99545", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412", "reference_id": "1068412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2024/04/03/16", "reference_id": "16", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2024/04/03/16" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/18", "reference_id": "18", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268277", "reference_id": "2268277", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268277" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/04/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/04/4" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-27316.json", "reference_id": "CVE-2024-27316", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-27316.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://support.apple.com/kb/HT214119", "reference_id": "HT214119", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/" } ], "url": "https://support.apple.com/kb/HT214119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1786", "reference_id": "RHSA-2024:1786", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1786" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1872", "reference_id": "RHSA-2024:1872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2564", "reference_id": "RHSA-2024:2564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2693", "reference_id": "RHSA-2024:2693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2694", "reference_id": "RHSA-2024:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2891", "reference_id": "RHSA-2024:2891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2907", "reference_id": "RHSA-2024:2907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3402", "reference_id": "RHSA-2024:3402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3417", "reference_id": "RHSA-2024:3417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4390", "reference_id": "RHSA-2024:4390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4390" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16668", "reference_id": "RHSA-2025:16668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16668" }, { "reference_url": "https://usn.ubuntu.com/6729-1/", "reference_id": "USN-6729-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-1/" }, { "reference_url": "https://usn.ubuntu.com/6729-2/", "reference_id": "USN-6729-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-2/" }, { "reference_url": "https://usn.ubuntu.com/6729-3/", "reference_id": "USN-6729-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-27316" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2e6w-fs4j-17g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3859?format=api", "vulnerability_id": "VCID-3ay7-bwah-2yd1", "summary": "HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response.\n\nThis vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42516.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42516.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.5352", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00302", "scoring_system": "epss", "scoring_elements": "0.53546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56587", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56573", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56583", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374549", "reference_id": "2374549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374549" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-42516.json", "reference_id": "CVE-2024-42516", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-42516.json" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2024-42516" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ay7-bwah-2yd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3799?format=api", "vulnerability_id": "VCID-3djp-gq4c-1fa9", "summary": "A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. We have taken this opportunity to also remove request data from many other in-built error messages. Note however this issue did not affect them directly and their output was already escaped to prevent cross-site scripting attacks.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99216", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99221", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99225", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99224", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99218", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99226", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/47", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Aug/47" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/24", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Oct/24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190905-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190905-0003/" }, { "reference_url": "https://support.f5.com/csp/article/K30442259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K30442259" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4509" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/08/15/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/08/15/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/08/08/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/08/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/08/08/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/08/08/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956", "reference_id": "1743956", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/", "reference_id": "CVE-2019-10092", "reference_type": "exploit", "scores": [], "url": "https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md", "reference_id": "CVE-2019-10092", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10092.json", "reference_id": "CVE-2019-10092", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10092.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092", "reference_id": "CVE-2019-10092", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10092" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3djp-gq4c-1fa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3841?format=api", "vulnerability_id": "VCID-4c3m-m6ku-kbhq", "summary": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\n\nSpecial characters in the origin response header can truncate/split the response forwarded to the client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.7369", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73675", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73699", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73717", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73683", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73651", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.73647", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d" }, { "reference_url": "https://github.com/unbit/uwsgi", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/unbit/uwsgi" }, { "reference_url": "https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822" }, { "reference_url": "https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/" } ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html" }, { "reference_url": "https://security.gentoo.org/glsa/202309-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/" } ], "url": "https://security.gentoo.org/glsa/202309-01" }, { "reference_url": "https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476", "reference_id": "1032476", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176211", "reference_id": "2176211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176211" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2023-27522.json", "reference_id": "CVE-2023-27522", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2023-27522.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", "reference_id": "CVE-2023-27522", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27522" }, { "reference_url": "https://github.com/advisories/GHSA-vcph-37mh-fqrh", "reference_id": "GHSA-vcph-37mh-fqrh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vcph-37mh-fqrh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5049", "reference_id": "RHSA-2023:5049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5050", "reference_id": "RHSA-2023:5050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6403", "reference_id": "RHSA-2023:6403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4504", "reference_id": "RHSA-2024:4504", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4504" }, { "reference_url": "https://usn.ubuntu.com/5942-1/", "reference_id": "USN-5942-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5942-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2023-27522", "GHSA-vcph-37mh-fqrh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4c3m-m6ku-kbhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3833?format=api", "vulnerability_id": "VCID-4d3t-es7p-9qhn", "summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78114", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78131", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78171", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78146", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.7814", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006", "reference_id": "2095006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", "reference_id": "7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/08/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/08/9" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28615.json", "reference_id": "CVE-2022-28615", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28615.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220624-0005/", "reference_id": "ntap-20220624-0005", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220624-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", "reference_id": "YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-28615" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3803?format=api", "vulnerability_id": "VCID-5xrt-1n1q-4bey", "summary": "In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93495", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93511", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93504", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200413-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4757" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/03/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/03/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/04/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/04/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761", "reference_id": "1820761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1927.json", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1927.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2263", "reference_id": "RHSA-2020:2263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-1927" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3811?format=api", "vulnerability_id": "VCID-66k7-maf9-dfcd", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93319", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93315", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.9332", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93302", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93311", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724", "reference_id": "1966724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-35452.json", "reference_id": "CVE-2020-35452", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-35452.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-35452" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3815?format=api", "vulnerability_id": "VCID-6b7y-562y-suce", "summary": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.934", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93416", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93392", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93408", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93419", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968013", "reference_id": "1968013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968013" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/13/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/13/2" }, { "reference_url": "https://seclists.org/oss-sec/2021/q2/206", "reference_id": "206", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://seclists.org/oss-sec/2021/q2/206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/", "reference_id": "2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/06/10/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/9" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562", "reference_id": "989562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/", "reference_id": "A73QJ4HPUMU26I6EULG6SCK67TUEXZYR", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/" }, { "reference_url": "https://security.archlinux.org/ASA-202106-23", "reference_id": "ASA-202106-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-23" }, { "reference_url": "https://security.archlinux.org/AVG-2041", "reference_id": "AVG-2041", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2041" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-31618.json", "reference_id": "CVE-2021-31618", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-31618.json" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4937", "reference_id": "dsa-4937", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4937" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0008/", "reference_id": "ntap-20210727-0008", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210727-0008/" }, { "reference_url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-31618" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3838?format=api", "vulnerability_id": "VCID-6qk8-1cj1-4fh7", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52508", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52528", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52573", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52558", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52481", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", "reference_id": "2161777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-36760.json", "reference_id": "CVE-2022-36760", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2022-36760.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://usn.ubuntu.com/5834-1/", "reference_id": "USN-5834-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5834-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-36760" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3855?format=api", "vulnerability_id": "VCID-6tgh-b4td-63f5", "summary": "Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39573", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0316", "scoring_system": "epss", "scoring_elements": "0.86917", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0316", "scoring_system": "epss", "scoring_elements": "0.86886", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0316", "scoring_system": "epss", "scoring_elements": "0.86906", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0316", "scoring_system": "epss", "scoring_elements": "0.86914", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0316", "scoring_system": "epss", "scoring_elements": "0.86927", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0316", "scoring_system": "epss", "scoring_elements": "0.86923", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0316", "scoring_system": "epss", "scoring_elements": "0.86873", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0316", "scoring_system": "epss", "scoring_elements": "0.86891", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295022", "reference_id": "2295022", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295022" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-39573.json", "reference_id": "CVE-2024-39573", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-39573.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "reference_id": "ntap-20240712-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-01T20:41:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4720", "reference_id": "RHSA-2024:4720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4726", "reference_id": "RHSA-2024:4726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5001", "reference_id": "RHSA-2024:5001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5239", "reference_id": "RHSA-2024:5239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5240", "reference_id": "RHSA-2024:5240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5240" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-39573" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tgh-b4td-63f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3800?format=api", "vulnerability_id": "VCID-7vfk-1dwm-xbbt", "summary": "When mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10097.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22907", "scoring_system": "epss", "scoring_elements": "0.95861", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.22907", "scoring_system": "epss", "scoring_elements": "0.95896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.22907", "scoring_system": "epss", "scoring_elements": "0.95881", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.22907", "scoring_system": "epss", "scoring_elements": "0.95889", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.22907", "scoring_system": "epss", "scoring_elements": "0.95892", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.22907", "scoring_system": "epss", "scoring_elements": "0.95895", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.22907", "scoring_system": "epss", "scoring_elements": "0.95869", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.22907", "scoring_system": "epss", "scoring_elements": "0.95877", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996", "reference_id": "1743996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743996" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10097.json", "reference_id": "CVE-2019-10097", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10097.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097", "reference_id": "CVE-2019-10097", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10097" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10097" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vfk-1dwm-xbbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3852?format=api", "vulnerability_id": "VCID-8edq-8rvq-rkf1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93858", "scoring_system": "epss", "scoring_elements": "0.99869", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.93858", "scoring_system": "epss", "scoring_elements": "0.99867", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.93858", "scoring_system": "epss", "scoring_elements": "0.99868", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295014", "reference_id": "2295014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295014" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-38475.json", "reference_id": "CVE-2024-38475", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-38475.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "reference_id": "ntap-20240712-0001", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-05-02T03:55:18Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4719", "reference_id": "RHSA-2024:4719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4720", "reference_id": "RHSA-2024:4720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4726", "reference_id": "RHSA-2024:4726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4820", "reference_id": "RHSA-2024:4820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4827", "reference_id": "RHSA-2024:4827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4830", "reference_id": "RHSA-2024:4830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4862", "reference_id": "RHSA-2024:4862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4863", "reference_id": "RHSA-2024:4863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4938", "reference_id": "RHSA-2024:4938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4943", "reference_id": "RHSA-2024:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5239", "reference_id": "RHSA-2024:5239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5240", "reference_id": "RHSA-2024:5240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5240" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" }, { "reference_url": "https://usn.ubuntu.com/6885-3/", "reference_id": "USN-6885-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-3/" }, { "reference_url": "https://usn.ubuntu.com/6885-5/", "reference_id": "USN-6885-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-5/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-38475" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8edq-8rvq-rkf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3853?format=api", "vulnerability_id": "VCID-8nw9-zpxn-ckab", "summary": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03452", "scoring_system": "epss", "scoring_elements": "0.87515", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03452", "scoring_system": "epss", "scoring_elements": "0.87486", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03452", "scoring_system": "epss", "scoring_elements": "0.87505", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03452", "scoring_system": "epss", "scoring_elements": "0.87512", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03452", "scoring_system": "epss", "scoring_elements": "0.87523", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03452", "scoring_system": "epss", "scoring_elements": "0.87519", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03545", "scoring_system": "epss", "scoring_elements": "0.87649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03545", "scoring_system": "epss", "scoring_elements": "0.87636", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295015", "reference_id": "2295015", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295015" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-38476.json", "reference_id": "CVE-2024-38476", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-38476.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "reference_id": "ntap-20240712-0001", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T03:55:12Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5138", "reference_id": "RHSA-2024:5138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5193", "reference_id": "RHSA-2024:5193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5239", "reference_id": "RHSA-2024:5239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5240", "reference_id": "RHSA-2024:5240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5812", "reference_id": "RHSA-2024:5812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5832", "reference_id": "RHSA-2024:5832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5832" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6136", "reference_id": "RHSA-2024:6136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6467", "reference_id": "RHSA-2024:6467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6468", "reference_id": "RHSA-2024:6468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6583", "reference_id": "RHSA-2024:6583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6584", "reference_id": "RHSA-2024:6584", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7101", "reference_id": "RHSA-2024:7101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7101" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" }, { "reference_url": "https://usn.ubuntu.com/6885-3/", "reference_id": "USN-6885-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-38476" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nw9-zpxn-ckab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3865?format=api", "vulnerability_id": "VCID-9tez-97xg-z3bs", "summary": "In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.\n\nOnly configurations using \"SSLEngine optional\" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49812.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32463", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3281", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32811", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32735", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32783", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374580", "reference_id": "2374580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374580" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-49812.json", "reference_id": "CVE-2025-49812", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-49812.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14901", "reference_id": "RHSA-2025:14901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14902", "reference_id": "RHSA-2025:14902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14903", "reference_id": "RHSA-2025:14903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14997", "reference_id": "RHSA-2025:14997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14998", "reference_id": "RHSA-2025:14998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15023", "reference_id": "RHSA-2025:15023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15036", "reference_id": "RHSA-2025:15036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15095", "reference_id": "RHSA-2025:15095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15123", "reference_id": "RHSA-2025:15123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15516", "reference_id": "RHSA-2025:15516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15619", "reference_id": "RHSA-2025:15619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15684", "reference_id": "RHSA-2025:15684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15698", "reference_id": "RHSA-2025:15698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15698" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2025-49812" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tez-97xg-z3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3817?format=api", "vulnerability_id": "VCID-9u53-b79b-cfgd", "summary": "Malformed requests may cause the server to dereference a NULL pointer.\n\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93166", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93162", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128", "reference_id": "2005128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-34798.json", "reference_id": "CVE-2021-34798", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-34798.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0891", "reference_id": "RHSA-2022:0891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-34798" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3810?format=api", "vulnerability_id": "VCID-9ych-ybpr-j3h6", "summary": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95684", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95714", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95717", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95693", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95701", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.9571", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738", "reference_id": "1966738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-13950.json", "reference_id": "CVE-2020-13950", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-13950.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5163", "reference_id": "RHSA-2022:5163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5163" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-13950" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3798?format=api", "vulnerability_id": "VCID-a9rw-3s1y-hqd7", "summary": "Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97695", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97717", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.9771", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97713", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97701", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97702", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974", "reference_id": "1743974", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10082.json", "reference_id": "CVE-2019-10082", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10082.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082", "reference_id": "CVE-2019-10082", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10082" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9rw-3s1y-hqd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3804?format=api", "vulnerability_id": "VCID-auhk-ppv5-buaa", "summary": "in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97221", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97248", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97233", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97243", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97247", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97232", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200413-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4757" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772", "reference_id": "1820772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1934.json", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1934.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-1934" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3842?format=api", "vulnerability_id": "VCID-b68y-4prb-bfdk", "summary": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.6251", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62543", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62508", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.6256", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62593", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62582", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-31122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245332", "reference_id": "2245332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245332" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2023-31122.json", "reference_id": "CVE-2023-31122", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2023-31122.json" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html", "reference_id": "msg00013.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0011/", "reference_id": "ntap-20231027-0011", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0011/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1316", "reference_id": "RHSA-2024:1316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2278", "reference_id": "RHSA-2024:2278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3121", "reference_id": "RHSA-2024:3121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3121" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/", "reference_id": "TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/" }, { "reference_url": "https://usn.ubuntu.com/6506-1/", "reference_id": "USN-6506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6506-1/" }, { "reference_url": "https://usn.ubuntu.com/6510-1/", "reference_id": "USN-6510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6510-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/", "reference_id": "VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/", "reference_id": "ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2023-31122" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b68y-4prb-bfdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3861?format=api", "vulnerability_id": "VCID-b9ks-detx-nkdw", "summary": "Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via \nmod_rewrite or apache expressions that pass unvalidated request input.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.\n\nNote:  The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. \n\nThe server offers limited protection against administrators directing the server to open UNC paths.\nWindows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43394.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1559", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15658", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1603", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1616", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16137", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16098", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16096", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43394" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379332", "reference_id": "2379332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379332" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-43394.json", "reference_id": "CVE-2024-43394", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-43394.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2024-43394" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9ks-detx-nkdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3846?format=api", "vulnerability_id": "VCID-bau7-pme5-ckbt", "summary": "HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.\n\nUsers are recommended to upgrade to version 2.4.59, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78267", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78264", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78289", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78271", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78219", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78249", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78231", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78258", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412", "reference_id": "1068412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273499", "reference_id": "2273499", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273499" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-24795.json", "reference_id": "CVE-2024-24795", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-24795.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9306", "reference_id": "RHSA-2024:9306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3452", "reference_id": "RHSA-2025:3452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://usn.ubuntu.com/6729-1/", "reference_id": "USN-6729-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-1/" }, { "reference_url": "https://usn.ubuntu.com/6729-2/", "reference_id": "USN-6729-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-2/" }, { "reference_url": "https://usn.ubuntu.com/6729-3/", "reference_id": "USN-6729-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-24795" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bau7-pme5-ckbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3812?format=api", "vulnerability_id": "VCID-bvkg-nrwd-e7g8", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98685", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98681", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729", "reference_id": "1966729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26690.json", "reference_id": "CVE-2021-26690", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26690.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-26690" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3824?format=api", "vulnerability_id": "VCID-cqjv-6m9n-mfeq", "summary": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).\n\nThis issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93382", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93414", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93409", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.9339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93406", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672", "reference_id": "2034672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-44224.json", "reference_id": "CVE-2021-44224", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-44224.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5212-1/", "reference_id": "USN-5212-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5212-1/" }, { "reference_url": "https://usn.ubuntu.com/5212-2/", "reference_id": "USN-5212-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5212-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-44224" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqjv-6m9n-mfeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3834?format=api", "vulnerability_id": "VCID-d36c-rrxh-ybgv", "summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84788", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84806", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84759", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84781", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012", "reference_id": "2095012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-29404.json", "reference_id": "CVE-2022-29404", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-29404.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-29404" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3816?format=api", "vulnerability_id": "VCID-db6k-j9mj-e7hy", "summary": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.\n\nThis issue affects Apache HTTP Server 2.4.17 to 2.4.48.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72839", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.729", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72879", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72917", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72841", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728", "reference_id": "1966728", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-33193.json", "reference_id": "CVE-2021-33193", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-33193.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-33193" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3840?format=api", "vulnerability_id": "VCID-edvy-cern-6kcu", "summary": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.68183", "scoring_system": "epss", "scoring_elements": "0.98587", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.68183", "scoring_system": "epss", "scoring_elements": "0.98591", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.68183", "scoring_system": "epss", "scoring_elements": "0.98592", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.68183", "scoring_system": "epss", "scoring_elements": "0.98595", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.68183", "scoring_system": "epss", "scoring_elements": "0.98596", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.68183", "scoring_system": "epss", "scoring_elements": "0.98598", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.68183", "scoring_system": "epss", "scoring_elements": "0.98599", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.68183", "scoring_system": "epss", "scoring_elements": "0.986", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476", "reference_id": "1032476", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209", "reference_id": "2176209", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209" }, { "reference_url": "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html", "reference_id": "Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-18T15:37:02Z/" } ], "url": "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2023-25690.json", "reference_id": "CVE-2023-25690", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2023-25690.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1547", "reference_id": "RHSA-2023:1547", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1547" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1593", "reference_id": "RHSA-2023:1593", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1596", "reference_id": "RHSA-2023:1596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1597", "reference_id": "RHSA-2023:1597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1597" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1670", "reference_id": "RHSA-2023:1670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1672", "reference_id": "RHSA-2023:1672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1673", "reference_id": "RHSA-2023:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1916", "reference_id": "RHSA-2023:1916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3292", "reference_id": "RHSA-2023:3292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://usn.ubuntu.com/5942-1/", "reference_id": "USN-5942-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5942-1/" }, { "reference_url": "https://usn.ubuntu.com/5942-2/", "reference_id": "USN-5942-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5942-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2023-25690" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edvy-cern-6kcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3805?format=api", "vulnerability_id": "VCID-eesz-v6ae-gya3", "summary": "In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via \"H2Push off\" will mitigate this vulnerability for unpatched servers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98919", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98929", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98926", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.9892", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98925", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866560", "reference_id": "1866560", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866560" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-9490.json", "reference_id": "CVE-2020-9490", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-9490.json" }, { "reference_url": "https://security.gentoo.org/glsa/202008-04", "reference_id": "GLSA-202008-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3714", "reference_id": "RHSA-2020:3714", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3714" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3726", "reference_id": "RHSA-2020:3726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3733", "reference_id": "RHSA-2020:3733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3734", "reference_id": "RHSA-2020:3734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3734" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-9490" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eesz-v6ae-gya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3851?format=api", "vulnerability_id": "VCID-ej7y-7na3-5qby", "summary": "Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73027", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.72979", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73016", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.7303", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73055", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73034", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.72983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00744", "scoring_system": "epss", "scoring_elements": "0.73003", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295013", "reference_id": "2295013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295013" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-38474.json", "reference_id": "CVE-2024-38474", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-38474.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "reference_id": "ntap-20240712-0001", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:02:41Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4719", "reference_id": "RHSA-2024:4719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4720", "reference_id": "RHSA-2024:4720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4726", "reference_id": "RHSA-2024:4726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4820", "reference_id": "RHSA-2024:4820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4827", "reference_id": "RHSA-2024:4827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4830", "reference_id": "RHSA-2024:4830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4862", "reference_id": "RHSA-2024:4862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4863", "reference_id": "RHSA-2024:4863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4938", "reference_id": "RHSA-2024:4938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4943", "reference_id": "RHSA-2024:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5239", "reference_id": "RHSA-2024:5239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5240", "reference_id": "RHSA-2024:5240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5240" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" }, { "reference_url": "https://usn.ubuntu.com/6885-3/", "reference_id": "USN-6885-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-3/" }, { "reference_url": "https://usn.ubuntu.com/6885-5/", "reference_id": "USN-6885-5", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-5/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-38474" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ej7y-7na3-5qby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3802?format=api", "vulnerability_id": "VCID-f2y3-s6j8-7ygr", "summary": "Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93865", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93895", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93898", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93902", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93883", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93886", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740", "reference_id": "1966740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-17567.json", "reference_id": "CVE-2019-17567", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-17567.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-17567" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3871?format=api", "vulnerability_id": "VCID-fsh3-7b9j-dfgf", "summary": "Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.\n\nThis issue affects Apache HTTP Server from 2.4.0 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66 which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.36463", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00156", "scoring_system": "epss", "scoring_elements": "0.3643", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37416", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37477", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37443", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37399", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37451", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65082" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926", "reference_id": "1121926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419139", "reference_id": "2419139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419139" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-65082.json", "reference_id": "CVE-2025-65082", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-65082.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23732", "reference_id": "RHSA-2025:23732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23919", "reference_id": "RHSA-2025:23919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23932", "reference_id": "RHSA-2025:23932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2994", "reference_id": "RHSA-2026:2994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2995", "reference_id": "RHSA-2026:2995", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2995" }, { "reference_url": "https://usn.ubuntu.com/7968-1/", "reference_id": "USN-7968-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7968-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2025-65082" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fsh3-7b9j-dfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3850?format=api", "vulnerability_id": "VCID-ftjw-9fb6-d3cw", "summary": "Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88261", "scoring_system": "epss", "scoring_elements": "0.99492", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.88261", "scoring_system": "epss", "scoring_elements": "0.99486", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88261", "scoring_system": "epss", "scoring_elements": "0.99488", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.88261", "scoring_system": "epss", "scoring_elements": "0.9949", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.88261", "scoring_system": "epss", "scoring_elements": "0.99491", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295012", "reference_id": "2295012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295012" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-38473.json", "reference_id": "CVE-2024-38473", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-38473.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "reference_id": "ntap-20240712-0001", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-24T13:55:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4720", "reference_id": "RHSA-2024:4720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4726", "reference_id": "RHSA-2024:4726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5001", "reference_id": "RHSA-2024:5001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5239", "reference_id": "RHSA-2024:5239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5240", "reference_id": "RHSA-2024:5240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5240" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-38473" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ftjw-9fb6-d3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3691?format=api", "vulnerability_id": "VCID-fz8c-b8r4-1yb8", "summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63051", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63157", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63191", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6314", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63105", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774", "reference_id": "2161774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2006-20001.json", "reference_id": "CVE-2006-20001", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2006-20001.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://usn.ubuntu.com/5834-1/", "reference_id": "USN-5834-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5834-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2006-20001" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3829?format=api", "vulnerability_id": "VCID-g55m-t4s1-nfhv", "summary": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.\n\nThis issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23943.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23943.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98286", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98284", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98285", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.9828", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98281", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064319", "reference_id": "2064319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064319" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-23943.json", "reference_id": "CVE-2022-23943", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-23943.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5333-1/", "reference_id": "USN-5333-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-1/" }, { "reference_url": "https://usn.ubuntu.com/5333-2/", "reference_id": "USN-5333-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-23943" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g55m-t4s1-nfhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3814?format=api", "vulnerability_id": "VCID-g6xr-qtwz-2yaq", "summary": "Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97082", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.9711", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97095", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743", "reference_id": "1966743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-30641.json", "reference_id": "CVE-2021-30641", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-30641.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-30641" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3835?format=api", "vulnerability_id": "VCID-gv84-vfvh-y7hu", "summary": "If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93636", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93638", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93643", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93616", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93625", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93627", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015", "reference_id": "2095015", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-30522.json", "reference_id": "CVE-2022-30522", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-30522.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-30522" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3801?format=api", "vulnerability_id": "VCID-h6kk-81jx-h7b8", "summary": "Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99111", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99119", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99117", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.9912", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/01/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/01/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959", "reference_id": "1743959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/", "reference_id": "CVE-2019-10098", "reference_type": "exploit", "scores": [], "url": "https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md", "reference_id": "CVE-2019-10098", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10098.json", "reference_id": "CVE-2019-10098", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10098.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098", "reference_id": "CVE-2019-10098", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2263", "reference_id": "RHSA-2020:2263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10098" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6kk-81jx-h7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3866?format=api", "vulnerability_id": "VCID-ha7f-21gy-3qa2", "summary": "Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00918", "scoring_system": "epss", "scoring_elements": "0.75875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00918", "scoring_system": "epss", "scoring_elements": "0.75907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.78995", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.78997", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.79021", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.79006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.78966", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01211", "scoring_system": "epss", "scoring_elements": "0.7899", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379343", "reference_id": "2379343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379343" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-53020.json", "reference_id": "CVE-2025-53020", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-53020.json" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2025-53020" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ha7f-21gy-3qa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3836?format=api", "vulnerability_id": "VCID-hm3f-m22n-u3gy", "summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66229", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66253", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6626", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6624", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018", "reference_id": "2095018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-30556.json", "reference_id": "CVE-2022-30556", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-30556.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-30556" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3839?format=api", "vulnerability_id": "VCID-htfx-mahy-9kde", "summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64237", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64235", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64196", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64275", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64264", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64208", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", "reference_id": "2161773", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-37436.json", "reference_id": "CVE-2022-37436", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2022-37436.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-2/", "reference_id": "USN-5839-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-37436" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3827?format=api", "vulnerability_id": "VCID-k4nk-qqxg-s7e6", "summary": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22720.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27458", "scoring_system": "epss", "scoring_elements": "0.96418", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.27458", "scoring_system": "epss", "scoring_elements": "0.96414", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.27458", "scoring_system": "epss", "scoring_elements": "0.96415", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27458", "scoring_system": "epss", "scoring_elements": "0.9639", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.27458", "scoring_system": "epss", "scoring_elements": "0.96395", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.27458", "scoring_system": "epss", "scoring_elements": "0.96398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.27458", "scoring_system": "epss", "scoring_elements": "0.96407", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.27458", "scoring_system": "epss", "scoring_elements": "0.96409", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064321", "reference_id": "2064321", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064321" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-22720.json", "reference_id": "CVE-2022-22720", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-22720.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1045", "reference_id": "RHSA-2022:1045", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1049", "reference_id": "RHSA-2022:1049", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1072", "reference_id": "RHSA-2022:1072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1075", "reference_id": "RHSA-2022:1075", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1075" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1080", "reference_id": "RHSA-2022:1080", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1102", "reference_id": "RHSA-2022:1102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1136", "reference_id": "RHSA-2022:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1137", "reference_id": "RHSA-2022:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1138", "reference_id": "RHSA-2022:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1139", "reference_id": "RHSA-2022:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1173", "reference_id": "RHSA-2022:1173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1389", "reference_id": "RHSA-2022:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1390", "reference_id": "RHSA-2022:1390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "reference_url": "https://usn.ubuntu.com/5333-1/", "reference_id": "USN-5333-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-1/" }, { "reference_url": "https://usn.ubuntu.com/5333-2/", "reference_id": "USN-5333-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-22720" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4nk-qqxg-s7e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3845?format=api", "vulnerability_id": "VCID-kkuy-1j91-9bb2", "summary": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\n\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01741", "scoring_system": "epss", "scoring_elements": "0.82453", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01741", "scoring_system": "epss", "scoring_elements": "0.82511", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01741", "scoring_system": "epss", "scoring_elements": "0.8252", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01741", "scoring_system": "epss", "scoring_elements": "0.82516", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01741", "scoring_system": "epss", "scoring_elements": "0.82471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01741", "scoring_system": "epss", "scoring_elements": "0.82467", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01741", "scoring_system": "epss", "scoring_elements": "0.82495", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01741", "scoring_system": "epss", "scoring_elements": "0.82501", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243877", "reference_id": "2243877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243877" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2023-45802.json", "reference_id": "CVE-2023-45802", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2023-45802.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2368", "reference_id": "RHSA-2024:2368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2891", "reference_id": "RHSA-2024:2891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3121", "reference_id": "RHSA-2024:3121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3121" }, { "reference_url": "https://usn.ubuntu.com/6506-1/", "reference_id": "USN-6506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2023-45802" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkuy-1j91-9bb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3820?format=api", "vulnerability_id": "VCID-mtg7-8556-kbgd", "summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94432", "scoring_system": "epss", "scoring_elements": "0.99985", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117", "reference_id": "2005117", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ", "reference_id": "cisco-sa-apache-httpd-2.4.49-VWL69sWQ", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-40438.json", "reference_id": "CVE-2021-40438", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-40438.json" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4982", "reference_id": "dsa-4982", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211008-0004/", "reference_id": "ntap-20211008-0004", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "reference_url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E", "reference_id": "r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E", "reference_id": "r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", "reference_id": "r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", "reference_id": "r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", "reference_id": "r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", "reference_id": "r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E", "reference_id": "rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3745", "reference_id": "RHSA-2021:3745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3746", "reference_id": "RHSA-2021:3746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3754", "reference_id": "RHSA-2021:3754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3836", "reference_id": "RHSA-2021:3836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3837", "reference_id": "RHSA-2021:3837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3856", "reference_id": "RHSA-2021:3856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3856" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/", "reference_id": "SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", "reference_id": "ssa-685781.pdf", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2021-17", "reference_id": "tns-2021-17", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://www.tenable.com/security/tns-2021-17" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/", "reference_id": "ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-40438" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3832?format=api", "vulnerability_id": "VCID-na94-5565-dyfc", "summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.\n\nModules compiled and distributed separately from Apache HTTP Server that use the \"ap_rputs\" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69311", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69295", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6922", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6924", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69271", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002", "reference_id": "2095002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28614.json", "reference_id": "CVE-2022-28614", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28614.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-28614" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3837?format=api", "vulnerability_id": "VCID-p2a1-afnh-7qca", "summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.\nThis may be used to bypass IP based authentication on the origin server/application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11369", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11511", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13379", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13305", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020", "reference_id": "2095020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-31813.json", "reference_id": "CVE-2022-31813", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-31813.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-31813" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3854?format=api", "vulnerability_id": "VCID-pjxs-hnjr-duey", "summary": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78479", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78472", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01148", "scoring_system": "epss", "scoring_elements": "0.78498", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01347", "scoring_system": "epss", "scoring_elements": "0.80057", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01347", "scoring_system": "epss", "scoring_elements": "0.80036", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01347", "scoring_system": "epss", "scoring_elements": "0.80046", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01347", "scoring_system": "epss", "scoring_elements": "0.80075", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295016", "reference_id": "2295016", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295016" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-38477.json", "reference_id": "CVE-2024-38477", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-38477.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "reference_id": "ntap-20240712-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:23:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4719", "reference_id": "RHSA-2024:4719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4719" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4720", "reference_id": "RHSA-2024:4720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4726", "reference_id": "RHSA-2024:4726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4820", "reference_id": "RHSA-2024:4820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4820" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4827", "reference_id": "RHSA-2024:4827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4830", "reference_id": "RHSA-2024:4830", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4830" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4862", "reference_id": "RHSA-2024:4862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4862" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4863", "reference_id": "RHSA-2024:4863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4938", "reference_id": "RHSA-2024:4938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4943", "reference_id": "RHSA-2024:4943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5239", "reference_id": "RHSA-2024:5239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5240", "reference_id": "RHSA-2024:5240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5240" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" }, { "reference_url": "https://usn.ubuntu.com/6885-3/", "reference_id": "USN-6885-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-38477" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjxs-hnjr-duey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3826?format=api", "vulnerability_id": "VCID-pnc8-bb23-vqh1", "summary": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.52 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22719.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22719.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96593", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96591", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96578", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96581", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96589", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96573", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.29423", "scoring_system": "epss", "scoring_elements": "0.96602", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.29423", "scoring_system": "epss", "scoring_elements": "0.96599", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22719" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064322", "reference_id": "2064322", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064322" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-22719.json", "reference_id": "CVE-2022-22719", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-22719.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5333-1/", "reference_id": "USN-5333-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-1/" }, { "reference_url": "https://usn.ubuntu.com/5333-2/", "reference_id": "USN-5333-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-22719" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnc8-bb23-vqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3856?format=api", "vulnerability_id": "VCID-pz6f-mahv-hue8", "summary": "A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.  \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47857", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47828", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.4785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47851", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47847", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47871", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295761", "reference_id": "2295761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295761" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/17/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/17/6" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-39884.json", "reference_id": "CVE-2024-39884", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-39884.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0002/", "reference_id": "ntap-20240712-0002", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0002/" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-39884" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pz6f-mahv-hue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3857?format=api", "vulnerability_id": "VCID-qjeh-n57t-y7g5", "summary": "A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25097", "scoring_system": "epss", "scoring_elements": "0.96177", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.25097", "scoring_system": "epss", "scoring_elements": "0.96159", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.25097", "scoring_system": "epss", "scoring_elements": "0.96169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.25097", "scoring_system": "epss", "scoring_elements": "0.96173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.25097", "scoring_system": "epss", "scoring_elements": "0.96175", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.25097", "scoring_system": "epss", "scoring_elements": "0.96154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26567", "scoring_system": "epss", "scoring_elements": "0.96301", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40725" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297362", "reference_id": "2297362", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297362" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-40725.json", "reference_id": "CVE-2024-40725", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-40725.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://usn.ubuntu.com/6902-1/", "reference_id": "USN-6902-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6902-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-40725" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qjeh-n57t-y7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3830?format=api", "vulnerability_id": "VCID-qm7e-n9ay-hufy", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97321", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97313", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.9732", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997", "reference_id": "2094997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-26377.json", "reference_id": "CVE-2022-26377", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-26377.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-26377" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3848?format=api", "vulnerability_id": "VCID-r2pc-wuzb-h7hk", "summary": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36387.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36387.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34143", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34186", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34215", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34216", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34173", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34247", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3428", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295006", "reference_id": "2295006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295006" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-36387.json", "reference_id": "CVE-2024-36387", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-36387.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0001/", "reference_id": "ntap-20240712-0001", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:22:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8680", "reference_id": "RHSA-2024:8680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3452", "reference_id": "RHSA-2025:3452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2024-36387" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2pc-wuzb-h7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3863?format=api", "vulnerability_id": "VCID-r471-g9xs-sbga", "summary": "In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\n\nConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09386", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09416", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.094", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09124", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09292", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09368", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374576", "reference_id": "2374576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374576" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-23048.json", "reference_id": "CVE-2025-23048", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-23048.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14901", "reference_id": "RHSA-2025:14901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14902", "reference_id": "RHSA-2025:14902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14903", "reference_id": "RHSA-2025:14903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15023", "reference_id": "RHSA-2025:15023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15095", "reference_id": "RHSA-2025:15095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15123", "reference_id": "RHSA-2025:15123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15516", "reference_id": "RHSA-2025:15516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15619", "reference_id": "RHSA-2025:15619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15684", "reference_id": "RHSA-2025:15684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15698", "reference_id": "RHSA-2025:15698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15698" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2025-23048" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r471-g9xs-sbga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3818?format=api", "vulnerability_id": "VCID-rdtq-8ng5-53fn", "summary": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.8792", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87985", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87978", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.8793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87943", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87947", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87968", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124", "reference_id": "2005124", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-36160.json", "reference_id": "CVE-2021-36160", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-36160.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-36160" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3806?format=api", "vulnerability_id": "VCID-t67v-c4gx-ukbj", "summary": "In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11984.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98877", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98885", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98886", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98879", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98881", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98883", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866563", "reference_id": "1866563", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866563" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-11984.json", "reference_id": "CVE-2020-11984", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-11984.json" }, { "reference_url": "https://security.gentoo.org/glsa/202008-04", "reference_id": "GLSA-202008-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4383", "reference_id": "RHSA-2020:4383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4384", "reference_id": "RHSA-2020:4384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1809", "reference_id": "RHSA-2021:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1809" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" }, { "reference_url": "https://usn.ubuntu.com/5054-1/", "reference_id": "USN-5054-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5054-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5054-2/", "reference_id": "USN-USN-5054-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5054-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-11984" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t67v-c4gx-ukbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3868?format=api", "vulnerability_id": "VCID-td8g-tmny-jyaa", "summary": "An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.\n\nThis issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.\n\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55753.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22106", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28298", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28396", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28399", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28352", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926", "reference_id": "1121926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419140", "reference_id": "2419140", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419140" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-55753.json", "reference_id": "CVE-2025-55753", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-55753.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23732", "reference_id": "RHSA-2025:23732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23738", "reference_id": "RHSA-2025:23738", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23738" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23739", "reference_id": "RHSA-2025:23739", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23739" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0009", "reference_id": "RHSA-2026:0009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0010", "reference_id": "RHSA-2026:0010", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0010" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0011", "reference_id": "RHSA-2026:0011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0012", "reference_id": "RHSA-2026:0012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0012" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0029", "reference_id": "RHSA-2026:0029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0030", "reference_id": "RHSA-2026:0030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0092", "reference_id": "RHSA-2026:0092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0093", "reference_id": "RHSA-2026:0093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0094", "reference_id": "RHSA-2026:0094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0094" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2994", "reference_id": "RHSA-2026:2994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2995", "reference_id": "RHSA-2026:2995", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2995" }, { "reference_url": "https://usn.ubuntu.com/7968-1/", "reference_id": "USN-7968-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7968-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2025-55753" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-td8g-tmny-jyaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3797?format=api", "vulnerability_id": "VCID-v41h-pbbe-zfas", "summary": "HTTP/2 very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96516", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96549", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96544", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96546", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96525", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96529", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96542", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966", "reference_id": "1743966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10081.json", "reference_id": "CVE-2019-10081", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10081.json" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10081" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v41h-pbbe-zfas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3872?format=api", "vulnerability_id": "VCID-varh-ysfr-euc8", "summary": "mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.\n\nThis issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66200.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17472", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17519", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21507", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21591", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21602", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21564", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21456", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21532", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66200" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926", "reference_id": "1121926", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419262", "reference_id": "2419262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419262" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-66200.json", "reference_id": "CVE-2025-66200", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-66200.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23732", "reference_id": "RHSA-2025:23732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23919", "reference_id": "RHSA-2025:23919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23932", "reference_id": "RHSA-2025:23932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2994", "reference_id": "RHSA-2026:2994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2995", "reference_id": "RHSA-2026:2995", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2995" }, { "reference_url": "https://usn.ubuntu.com/7968-1/", "reference_id": "USN-7968-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7968-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2025-66200" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-varh-ysfr-euc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3819?format=api", "vulnerability_id": "VCID-wrw6-uzz4-rkfb", "summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. \nNo included modules pass untrusted data to these functions, but third-party / external modules may.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97171", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97199", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97193", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97183", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119", "reference_id": "2005119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-39275.json", "reference_id": "CVE-2021-39275", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-39275.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0891", "reference_id": "RHSA-2022:0891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-39275" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3860?format=api", "vulnerability_id": "VCID-ww49-y35r-ykdd", "summary": "SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.\n\nUsers are recommended to upgrade to version 2.4.64 which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43204.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00228", "scoring_system": "epss", "scoring_elements": "0.45583", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00228", "scoring_system": "epss", "scoring_elements": "0.45605", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.4625", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46248", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43204" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374553", "reference_id": "2374553", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374553" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-43204.json", "reference_id": "CVE-2024-43204", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-43204.json" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2024-43204" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ww49-y35r-ykdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3828?format=api", "vulnerability_id": "VCID-xfm9-e5nr-wyat", "summary": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.\n\nThis issue affects Apache HTTP Server 2.4.52 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22721.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22721.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94126", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94121", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94104", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94093", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13224", "scoring_system": "epss", "scoring_elements": "0.94143", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064320", "reference_id": "2064320", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064320" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-22721.json", "reference_id": "CVE-2022-22721", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-22721.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5333-1/", "reference_id": "USN-5333-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-1/" }, { "reference_url": "https://usn.ubuntu.com/5333-2/", "reference_id": "USN-5333-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2022-22721" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfm9-e5nr-wyat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3843?format=api", "vulnerability_id": "VCID-xhyc-9rpu-2bc8", "summary": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03255", "scoring_system": "epss", "scoring_elements": "0.87129", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03255", "scoring_system": "epss", "scoring_elements": "0.8714", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03255", "scoring_system": "epss", "scoring_elements": "0.87134", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87277", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03342", "scoring_system": "epss", "scoring_elements": "0.87302", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412", "reference_id": "1068412", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/18", "reference_id": "18", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273491", "reference_id": "2273491", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273491" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/04/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/04/3" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2023-38709.json", "reference_id": "CVE-2023-38709", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2023-38709.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://support.apple.com/kb/HT214119", "reference_id": "HT214119", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/" } ], "url": "https://support.apple.com/kb/HT214119" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/", "reference_id": "I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/", "reference_id": "LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html", "reference_id": "msg00013.html", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240415-0013/", "reference_id": "ntap-20240415-0013", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240415-0013/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4197", "reference_id": "RHSA-2024:4197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6927", "reference_id": "RHSA-2024:6927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6928", "reference_id": "RHSA-2024:6928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9306", "reference_id": "RHSA-2024:9306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9306" }, { "reference_url": "https://usn.ubuntu.com/6729-1/", "reference_id": "USN-6729-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-1/" }, { "reference_url": "https://usn.ubuntu.com/6729-2/", "reference_id": "USN-6729-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-2/" }, { "reference_url": "https://usn.ubuntu.com/6729-3/", "reference_id": "USN-6729-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6729-3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/", "reference_id": "WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2023-38709" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhyc-9rpu-2bc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3844?format=api", "vulnerability_id": "VCID-xnfs-bpwj-3ycp", "summary": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\n\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59064", "scoring_system": "epss", "scoring_elements": "0.98216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.61258", "scoring_system": "epss", "scoring_elements": "0.98318", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.61258", "scoring_system": "epss", "scoring_elements": "0.98307", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.61258", "scoring_system": "epss", "scoring_elements": "0.98309", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.61258", "scoring_system": "epss", "scoring_elements": "0.98314", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245153", "reference_id": "2245153", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245153" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2023-43622.json", "reference_id": "CVE-2023-43622", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2023-43622.json" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0011/", "reference_id": "ntap-20231027-0011", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T16:02:28Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0011/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2368", "reference_id": "RHSA-2024:2368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2368" }, { "reference_url": "https://usn.ubuntu.com/6506-1/", "reference_id": "USN-6506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6506-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2023-43622" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xnfs-bpwj-3ycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3825?format=api", "vulnerability_id": "VCID-xwnu-h1xh-3bg6", "summary": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).\nThe Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one.\n\nThis issue affects Apache HTTP Server 2.4.51 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86011", "scoring_system": "epss", "scoring_elements": "0.99393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87092", "scoring_system": "epss", "scoring_elements": "0.99437", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.87092", "scoring_system": "epss", "scoring_elements": "0.99438", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.87092", "scoring_system": "epss", "scoring_elements": "0.99439", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.87092", "scoring_system": "epss", "scoring_elements": "0.99441", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034674", "reference_id": "2034674", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034674" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py", "reference_id": "CVE-2021-44790", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-44790.json", "reference_id": "CVE-2021-44790", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-44790.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0258", "reference_id": "RHSA-2022:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0288", "reference_id": "RHSA-2022:0288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0303", "reference_id": "RHSA-2022:0303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1136", "reference_id": "RHSA-2022:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1137", "reference_id": "RHSA-2022:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1138", "reference_id": "RHSA-2022:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1139", "reference_id": "RHSA-2022:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1139" }, { "reference_url": "https://usn.ubuntu.com/5212-1/", "reference_id": "USN-5212-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5212-1/" }, { "reference_url": "https://usn.ubuntu.com/5212-2/", "reference_id": "USN-5212-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5212-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-44790" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwnu-h1xh-3bg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3796?format=api", "vulnerability_id": "VCID-y3k1-c4rn-xbc2", "summary": "A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04564", "scoring_system": "epss", "scoring_elements": "0.89159", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04564", "scoring_system": "epss", "scoring_elements": "0.89153", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90652", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90648", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90657", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90624", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90631", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90643", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868", "reference_id": "1741868", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-9517.json", "reference_id": "CVE-2019-9517", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-9517.json" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2893", "reference_id": "RHSA-2019:2893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2950", "reference_id": "RHSA-2019:2950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-9517" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3k1-c4rn-xbc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3808?format=api", "vulnerability_id": "VCID-yz3c-arnr-y3cs", "summary": "In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.\nConfiguring the LogLevel of mod_http2 above \"info\" will mitigate this vulnerability for unpatched servers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11993.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11993.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96887", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96919", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96918", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96894", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96899", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96912", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96914", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866564", "reference_id": "1866564", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866564" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-11993.json", "reference_id": "CVE-2020-11993", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-11993.json" }, { "reference_url": "https://security.gentoo.org/glsa/202008-04", "reference_id": "GLSA-202008-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4383", "reference_id": "RHSA-2020:4383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4384", "reference_id": "RHSA-2020:4384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1809", "reference_id": "RHSA-2021:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1809" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-11993" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yz3c-arnr-y3cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3864?format=api", "vulnerability_id": "VCID-zxet-n94k-57ge", "summary": "In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.\n\nConfigurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to \"on\".", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49630.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77462", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77459", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77413", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77419", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.7745", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374578", "reference_id": "2374578", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374578" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-49630.json", "reference_id": "CVE-2025-49630", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-49630.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14625", "reference_id": "RHSA-2025:14625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14983", "reference_id": "RHSA-2025:14983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15123", "reference_id": "RHSA-2025:15123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15516", "reference_id": "RHSA-2025:15516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15619", "reference_id": "RHSA-2025:15619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15684", "reference_id": "RHSA-2025:15684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15698", "reference_id": "RHSA-2025:15698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15725", "reference_id": "RHSA-2025:15725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15726", "reference_id": "RHSA-2025:15726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15727", "reference_id": "RHSA-2025:15727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15727" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2025-49630" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxet-n94k-57ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3862?format=api", "vulnerability_id": "VCID-zyyh-n42k-8bhr", "summary": "Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\n\nIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47252.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47252.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37371", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39861", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39817", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39872", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374571", "reference_id": "2374571", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374571" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-47252.json", "reference_id": "CVE-2024-47252", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-47252.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14901", "reference_id": "RHSA-2025:14901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14902", "reference_id": "RHSA-2025:14902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14903", "reference_id": "RHSA-2025:14903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14997", "reference_id": "RHSA-2025:14997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15023", "reference_id": "RHSA-2025:15023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15095", "reference_id": "RHSA-2025:15095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15123", "reference_id": "RHSA-2025:15123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15516", "reference_id": "RHSA-2025:15516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15619", "reference_id": "RHSA-2025:15619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15684", "reference_id": "RHSA-2025:15684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15698", "reference_id": "RHSA-2025:15698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15698" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052592?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1" } ], "aliases": [ "CVE-2024-47252" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyh-n42k-8bhr" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3769?format=api", "vulnerability_id": "VCID-1189-ej89-hybs", "summary": "mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96968", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96996", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96991", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96994", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.9698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96982", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197", "reference_id": "1463197", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-3169.json", "reference_id": "CVE-2017-3169", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-3169.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-3169" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3813?format=api", "vulnerability_id": "VCID-17hy-4ppt-xyhw", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97325", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97347", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97332", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97336", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97343", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732", "reference_id": "1966732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26691.json", "reference_id": "CVE-2021-26691", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26691.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-26691" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3799?format=api", "vulnerability_id": "VCID-3djp-gq4c-1fa9", "summary": "A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. We have taken this opportunity to also remove request data from many other in-built error messages. Note however this issue did not affect them directly and their output was already escaped to prevent cross-site scripting attacks.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99216", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99221", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99225", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99224", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99218", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99226", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/47", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Aug/47" }, { "reference_url": "https://seclists.org/bugtraq/2019/Oct/24", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Oct/24" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190905-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190905-0003/" }, { "reference_url": "https://support.f5.com/csp/article/K30442259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K30442259" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4509" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/08/15/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/08/15/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/08/08/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/08/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/08/08/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/08/08/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956", "reference_id": "1743956", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/", "reference_id": "CVE-2019-10092", "reference_type": "exploit", "scores": [], "url": "https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md", "reference_id": "CVE-2019-10092", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10092.json", "reference_id": "CVE-2019-10092", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10092.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092", "reference_id": "CVE-2019-10092", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10092" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10092" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3djp-gq4c-1fa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3790?format=api", "vulnerability_id": "VCID-4sss-a8ne-kqbc", "summary": "When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the \"H2Upgrade on\" is unaffected by this.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84326", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84397", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84408", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84401", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.8434", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84385", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.8439", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042", "reference_id": "1695042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0197.json", "reference_id": "CVE-2019-0197", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0197.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2019-0197" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sss-a8ne-kqbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3775?format=api", "vulnerability_id": "VCID-5bej-9h7w-33c8", "summary": "When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2017/09/18/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2017/09/18/2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99862", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99865", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99864", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99863", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9798" }, { "reference_url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" }, { "reference_url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Sep/22", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2024/Sep/22" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a" }, { "reference_url": "https://github.com/hannob/optionsbleed", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hannob/optionsbleed" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180601-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180601-0003/" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2017-9798" }, { "reference_url": "https://support.apple.com/HT208331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT208331" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" }, { "reference_url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch" }, { "reference_url": "https://www.exploit-db.com/exploits/42745/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/42745/" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3980", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3980" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/100872", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100872" }, { "reference_url": "http://www.securityfocus.com/bid/105598", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105598" }, { "reference_url": "http://www.securitytracker.com/id/1039387", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039387" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344", "reference_id": "1490344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109", "reference_id": "876109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109" }, { "reference_url": "https://security.archlinux.org/ASA-201709-15", "reference_id": "ASA-201709-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201709-15" }, { "reference_url": "https://security.archlinux.org/AVG-404", "reference_id": "AVG-404", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-404" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9798.json", "reference_id": "CVE-2017-9798", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9798.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "reference_id": "CVE-2017-9798", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "reference_url": "https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed", "reference_id": "CVE-2017-9798;OPTIONSBLEED", "reference_type": "exploit", "scores": [], "url": "https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py", "reference_id": "CVE-2017-9798;OPTIONSBLEED", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2882", "reference_id": "RHSA-2017:2882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2972", "reference_id": "RHSA-2017:2972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2972" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3018", "reference_id": "RHSA-2017:3018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3240", "reference_id": "RHSA-2017:3240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3425-1/", "reference_id": "USN-3425-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3425-1/" }, { "reference_url": "https://usn.ubuntu.com/3425-2/", "reference_id": "USN-3425-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3425-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-9798" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3803?format=api", "vulnerability_id": "VCID-5xrt-1n1q-4bey", "summary": "In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93495", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93511", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93504", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200413-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4757" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/03/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/03/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/04/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/04/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761", "reference_id": "1820761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1927.json", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1927.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2263", "reference_id": "RHSA-2020:2263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-1927" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3811?format=api", "vulnerability_id": "VCID-66k7-maf9-dfcd", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93319", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93315", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.9332", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93302", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93311", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724", "reference_id": "1966724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-35452.json", "reference_id": "CVE-2020-35452", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-35452.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-35452" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3815?format=api", "vulnerability_id": "VCID-6b7y-562y-suce", "summary": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.934", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93416", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93392", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93408", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93419", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968013", "reference_id": "1968013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968013" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/13/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/13/2" }, { "reference_url": "https://seclists.org/oss-sec/2021/q2/206", "reference_id": "206", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://seclists.org/oss-sec/2021/q2/206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/", "reference_id": "2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/06/10/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/9" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562", "reference_id": "989562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/", "reference_id": "A73QJ4HPUMU26I6EULG6SCK67TUEXZYR", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/" }, { "reference_url": "https://security.archlinux.org/ASA-202106-23", "reference_id": "ASA-202106-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-23" }, { "reference_url": "https://security.archlinux.org/AVG-2041", "reference_id": "AVG-2041", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2041" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-31618.json", "reference_id": "CVE-2021-31618", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-31618.json" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4937", "reference_id": "dsa-4937", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4937" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0008/", "reference_id": "ntap-20210727-0008", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210727-0008/" }, { "reference_url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-31618" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3789?format=api", "vulnerability_id": "VCID-6vxq-uxxw-ybeh", "summary": "Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92804", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.9283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92823", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92827", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92831", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92814", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030", "reference_id": "1695030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0196.json", "reference_id": "CVE-2019-0196", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0196.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2019-0196" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3786?format=api", "vulnerability_id": "VCID-7u2r-egf2-vfhx", "summary": "By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90332", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.9031", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90339", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90338", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90305", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securityfocus.com/bid/106685", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106685" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497", "reference_id": "1668497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302", "reference_id": "920302", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-17189.json", "reference_id": "CVE-2018-17189", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-17189.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189", "reference_id": "CVE-2018-17189", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-17189" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3788?format=api", "vulnerability_id": "VCID-7vjg-vetg-p7f6", "summary": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95031", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95061", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95063", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95042", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95045", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0190" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.securityfocus.com/bid/106743", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668488", "reference_id": "1668488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668488" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220", "reference_id": "920220", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0190.json", "reference_id": "CVE-2019-0190", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0190.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0190", "reference_id": "CVE-2019-0190", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2019-0190" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjg-vetg-p7f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3778?format=api", "vulnerability_id": "VCID-9qdr-1v39-d7b7", "summary": "When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87263", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87316", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.8732", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87289", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87306", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395", "reference_id": "1560395", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1283.json", "reference_id": "CVE-2018-1283", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1283.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-1283" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3817?format=api", "vulnerability_id": "VCID-9u53-b79b-cfgd", "summary": "Malformed requests may cause the server to dereference a NULL pointer.\n\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93166", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93162", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128", "reference_id": "2005128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-34798.json", "reference_id": "CVE-2021-34798", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-34798.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0891", "reference_id": "RHSA-2022:0891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-34798" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3783?format=api", "vulnerability_id": "VCID-9vzm-qtye-ufh2", "summary": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3558" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92958", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92987", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.9297", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92978", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92967", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92971", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0007/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securitytracker.com/id/1041402", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041402" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048", "reference_id": "1605048", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106", "reference_id": "904106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106" }, { "reference_url": "https://security.archlinux.org/ASA-201807-12", "reference_id": "ASA-201807-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-12" }, { "reference_url": "https://security.archlinux.org/AVG-736", "reference_id": "AVG-736", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-736" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1333.json", "reference_id": "CVE-2018-1333", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1333.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333", "reference_id": "CVE-2018-1333", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://usn.ubuntu.com/3783-1/", "reference_id": "USN-3783-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3783-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-1333" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3798?format=api", "vulnerability_id": "VCID-a9rw-3s1y-hqd7", "summary": "Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97695", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97717", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.9771", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97713", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97701", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.47892", "scoring_system": "epss", "scoring_elements": "0.97702", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974", "reference_id": "1743974", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743974" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10082.json", "reference_id": "CVE-2019-10082", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10082.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082", "reference_id": "CVE-2019-10082", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10082" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10082" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9rw-3s1y-hqd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3780?format=api", "vulnerability_id": "VCID-apfh-r85v-dbhz", "summary": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93766", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93806", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93798", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93805", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93789", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625", "reference_id": "1560625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1302.json", "reference_id": "CVE-2018-1302", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1302.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://usn.ubuntu.com/3783-1/", "reference_id": "USN-3783-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3783-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-1302" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3804?format=api", "vulnerability_id": "VCID-auhk-ppv5-buaa", "summary": "in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97221", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97248", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97233", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97243", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97247", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97232", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200413-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4757" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772", "reference_id": "1820772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1934.json", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1934.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-1934" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3812?format=api", "vulnerability_id": "VCID-bvkg-nrwd-e7g8", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98685", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98681", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729", "reference_id": "1966729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26690.json", "reference_id": "CVE-2021-26690", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26690.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-26690" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3824?format=api", "vulnerability_id": "VCID-cqjv-6m9n-mfeq", "summary": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).\n\nThis issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93382", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93414", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93409", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93415", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.9339", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93398", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1096", "scoring_system": "epss", "scoring_elements": "0.93406", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672", "reference_id": "2034672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-44224.json", "reference_id": "CVE-2021-44224", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-44224.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5212-1/", "reference_id": "USN-5212-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5212-1/" }, { "reference_url": "https://usn.ubuntu.com/5212-2/", "reference_id": "USN-5212-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5212-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-44224" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqjv-6m9n-mfeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3787?format=api", "vulnerability_id": "VCID-ct26-19cq-8kd7", "summary": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93236", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.9322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93237", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93222", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securityfocus.com/bid/106742", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106742" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493", "reference_id": "1668493", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303", "reference_id": "920303", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-17199.json", "reference_id": "CVE-2018-17199", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-17199.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199", "reference_id": "CVE-2018-17199", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1809", "reference_id": "RHSA-2021:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1809" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-17199" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3785?format=api", "vulnerability_id": "VCID-e3jc-83a7-8uhh", "summary": "By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11763.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11763.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95033", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95068", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95064", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95065", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95044", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95045", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95047", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95055", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.17401", "scoring_system": "epss", "scoring_elements": "0.95058", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11763" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399", "reference_id": "1633399", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909591", "reference_id": "909591", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909591" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-11763.json", "reference_id": "CVE-2018-11763", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-11763.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://usn.ubuntu.com/3783-1/", "reference_id": "USN-3783-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3783-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-11763" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3jc-83a7-8uhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3805?format=api", "vulnerability_id": "VCID-eesz-v6ae-gya3", "summary": "In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via \"H2Push off\" will mitigate this vulnerability for unpatched servers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98919", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98929", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98926", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.9892", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.76276", "scoring_system": "epss", "scoring_elements": "0.98925", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9490" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866560", "reference_id": "1866560", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866560" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-9490.json", "reference_id": "CVE-2020-9490", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-9490.json" }, { "reference_url": "https://security.gentoo.org/glsa/202008-04", "reference_id": "GLSA-202008-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3714", "reference_id": "RHSA-2020:3714", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3714" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3726", "reference_id": "RHSA-2020:3726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3733", "reference_id": "RHSA-2020:3733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3734", "reference_id": "RHSA-2020:3734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3734" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-9490" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eesz-v6ae-gya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3791?format=api", "vulnerability_id": "VCID-ehv1-yvpu-ubcg", "summary": "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html" }, { "reference_url": "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html" }, { "reference_url": "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:0959", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2019:0959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1543", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1543" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90159", "scoring_system": "epss", "scoring_elements": "0.99586", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.9026", "scoring_system": "epss", "scoring_elements": "0.99594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.9026", "scoring_system": "epss", "scoring_elements": "0.99593", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90908", "scoring_system": "epss", "scoring_elements": "0.99632", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/16" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.f5.com/csp/article/K32957101", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://support.f5.com/csp/article/K32957101" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.exploit-db.com/exploits/46676/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.exploit-db.com/exploits/46676/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_14" }, { "reference_url": "http://www.apache.org/dist/httpd/CHANGES_2.4.39", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.39" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/07/26/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/07/26/7" }, { "reference_url": "http://www.securityfocus.com/bid/107666", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.securityfocus.com/bid/107666" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694980", "reference_id": "1694980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694980" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php", "reference_id": "CVE-2019-0211", "reference_type": "exploit", "scores": [], "url": "https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php", "reference_id": "CVE-2019-0211", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0211.json", "reference_id": "CVE-2019-0211", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0211.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0211", "reference_id": "CVE-2019-0211", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0211" }, { "reference_url": "https://security.gentoo.org/glsa/201904-20", "reference_id": "GLSA-201904-20", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://security.gentoo.org/glsa/201904-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0746", "reference_id": "RHSA-2019:0746", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0980", "reference_id": "RHSA-2019:0980", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1296", "reference_id": "RHSA-2019:1296", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1297", "reference_id": "RHSA-2019:1297", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1297" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2019-0211" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehv1-yvpu-ubcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3782?format=api", "vulnerability_id": "VCID-fqem-96w3-rucb", "summary": "When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91622", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91663", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91664", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91667", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91629", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91642", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91655", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634", "reference_id": "1560634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1312.json", "reference_id": "CVE-2018-1312", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1312.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1898", "reference_id": "RHSA-2019:1898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1898" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-1312" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3772?format=api", "vulnerability_id": "VCID-fyrq-yg2u-jkc7", "summary": "mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30062", "scoring_system": "epss", "scoring_elements": "0.96661", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96725", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.9673", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96739", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96742", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96726", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207", "reference_id": "1463207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7679.json", "reference_id": "CVE-2017-7679", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7679.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-7679" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3814?format=api", "vulnerability_id": "VCID-g6xr-qtwz-2yaq", "summary": "Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97082", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.9711", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97095", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743", "reference_id": "1966743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-30641.json", "reference_id": "CVE-2021-30641", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-30641.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-30641" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3801?format=api", "vulnerability_id": "VCID-h6kk-81jx-h7b8", "summary": "Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99111", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99114", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99119", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99117", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.99112", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.80306", "scoring_system": "epss", "scoring_elements": "0.9912", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/01/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/01/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959", "reference_id": "1743959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/", "reference_id": "CVE-2019-10098", "reference_type": "exploit", "scores": [], "url": "https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md", "reference_id": "CVE-2019-10098", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10098.json", "reference_id": "CVE-2019-10098", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10098.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098", "reference_id": "CVE-2019-10098", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10098" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2263", "reference_id": "RHSA-2020:2263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10098" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6kk-81jx-h7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3773?format=api", "vulnerability_id": "VCID-jt89-ruvk-1kbj", "summary": "The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97921", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97934", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97941", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97942", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97924", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97929", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748", "reference_id": "1470748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467", "reference_id": "868467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467" }, { "reference_url": "https://security.archlinux.org/ASA-201707-15", "reference_id": "ASA-201707-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-15" }, { "reference_url": "https://security.archlinux.org/AVG-350", "reference_id": "AVG-350", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-350" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9788.json", "reference_id": "CVE-2017-9788", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9788.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2708", "reference_id": "RHSA-2017:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2709", "reference_id": "RHSA-2017:2709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2710", "reference_id": "RHSA-2017:2710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3240", "reference_id": "RHSA-2017:3240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "reference_url": "https://usn.ubuntu.com/3370-1/", "reference_id": "USN-3370-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3370-1/" }, { "reference_url": "https://usn.ubuntu.com/3370-2/", "reference_id": "USN-3370-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3370-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-9788" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3779?format=api", "vulnerability_id": "VCID-jzuw-73df-mfff", "summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91755", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.918", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.9177", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91777", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.9179", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643", "reference_id": "1560643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1301.json", "reference_id": "CVE-2018-1301", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1301.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-1301" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3820?format=api", "vulnerability_id": "VCID-mtg7-8556-kbgd", "summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94432", "scoring_system": "epss", "scoring_elements": "0.99985", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117", "reference_id": "2005117", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ", "reference_id": "cisco-sa-apache-httpd-2.4.49-VWL69sWQ", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-40438.json", "reference_id": "CVE-2021-40438", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-40438.json" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4982", "reference_id": "dsa-4982", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211008-0004/", "reference_id": "ntap-20211008-0004", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "reference_url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E", "reference_id": "r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E", "reference_id": "r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", "reference_id": "r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", "reference_id": "r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", "reference_id": "r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", "reference_id": "r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E", "reference_id": "rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3745", "reference_id": "RHSA-2021:3745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3746", "reference_id": "RHSA-2021:3746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3754", "reference_id": "RHSA-2021:3754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3836", "reference_id": "RHSA-2021:3836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3837", "reference_id": "RHSA-2021:3837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3856", "reference_id": "RHSA-2021:3856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3856" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/", "reference_id": "SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", "reference_id": "ssa-685781.pdf", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2021-17", "reference_id": "tns-2021-17", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://www.tenable.com/security/tns-2021-17" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/", "reference_id": "ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-40438" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3777?format=api", "vulnerability_id": "VCID-q5wm-suxb-jfeb", "summary": "The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99909", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99908", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614", "reference_id": "1560614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-15715.json", "reference_id": "CVE-2017-15715", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-15715.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-15715" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3768?format=api", "vulnerability_id": "VCID-qayj-kts9-3fde", "summary": "Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93162", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93187", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.9319", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93176", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93174", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194", "reference_id": "1463194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-3167.json", "reference_id": "CVE-2017-3167", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-3167.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-3167" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3784?format=api", "vulnerability_id": "VCID-qc9j-x576-ayc1", "summary": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99199", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99208", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99207", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99203", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99209", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0007/" }, { "reference_url": "http://www.securitytracker.com/id/1041401", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605052", "reference_id": "1605052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605052" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107", "reference_id": "904107", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107" }, { "reference_url": "https://security.archlinux.org/ASA-201807-12", "reference_id": "ASA-201807-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-12" }, { "reference_url": "https://security.archlinux.org/AVG-736", "reference_id": "AVG-736", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-736" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-8011.json", "reference_id": "CVE-2018-8011", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-8011.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8011", "reference_id": "CVE-2018-8011", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8011" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-8011" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9j-x576-ayc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3818?format=api", "vulnerability_id": "VCID-rdtq-8ng5-53fn", "summary": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.8792", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87985", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87978", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.8793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87943", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87947", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87968", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124", "reference_id": "2005124", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-36160.json", "reference_id": "CVE-2021-36160", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-36160.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-36160" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3781?format=api", "vulnerability_id": "VCID-scf1-zmu7-e3b2", "summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97315", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97337", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97336", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97321", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97332", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399", "reference_id": "1560399", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1303.json", "reference_id": "CVE-2018-1303", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1303.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2018-1303" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3806?format=api", "vulnerability_id": "VCID-t67v-c4gx-ukbj", "summary": "In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11984.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11984.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98877", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98885", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98886", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98879", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98881", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.75348", "scoring_system": "epss", "scoring_elements": "0.98883", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866563", "reference_id": "1866563", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866563" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-11984.json", "reference_id": "CVE-2020-11984", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-11984.json" }, { "reference_url": "https://security.gentoo.org/glsa/202008-04", "reference_id": "GLSA-202008-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4383", "reference_id": "RHSA-2020:4383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4384", "reference_id": "RHSA-2020:4384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1809", "reference_id": "RHSA-2021:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1809" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" }, { "reference_url": "https://usn.ubuntu.com/5054-1/", "reference_id": "USN-5054-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5054-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5054-2/", "reference_id": "USN-USN-5054-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5054-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-11984" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t67v-c4gx-ukbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3771?format=api", "vulnerability_id": "VCID-twj7-4qwm-2khv", "summary": "The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98519", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.9853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98523", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98524", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205", "reference_id": "1463205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7668.json", "reference_id": "CVE-2017-7668", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7668.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-7668" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twj7-4qwm-2khv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3793?format=api", "vulnerability_id": "VCID-ugdv-apr8-g3bz", "summary": "In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91756", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91791", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91771", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.f5.com/csp/article/K59440504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K59440504" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/4" }, { "reference_url": "http://www.securityfocus.com/bid/107667", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107667" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695025", "reference_id": "1695025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695025" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0215.json", "reference_id": "CVE-2019-0215", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0215.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0215", "reference_id": "CVE-2019-0215", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0980", "reference_id": "RHSA-2019:0980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0980" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2019-0215" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugdv-apr8-g3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3795?format=api", "vulnerability_id": "VCID-uwqg-yytc-vfae", "summary": "When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95478", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95507", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95512", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95488", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95505", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695036", "reference_id": "1695036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695036" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0220.json", "reference_id": "CVE-2019-0220", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0220.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2343", "reference_id": "RHSA-2019:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3436", "reference_id": "RHSA-2019:3436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0250", "reference_id": "RHSA-2020:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0251", "reference_id": "RHSA-2020:0251", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0251" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2019-0220" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqg-yytc-vfae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3797?format=api", "vulnerability_id": "VCID-v41h-pbbe-zfas", "summary": "HTTP/2 very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96516", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96549", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96544", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96546", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96525", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96529", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.28784", "scoring_system": "epss", "scoring_elements": "0.96542", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966", "reference_id": "1743966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743966" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10081.json", "reference_id": "CVE-2019-10081", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10081.json" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-10081" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v41h-pbbe-zfas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3794?format=api", "vulnerability_id": "VCID-w6p6-u8ku-k3f6", "summary": "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97464", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97488", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97481", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97482", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97487", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97471", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/5" }, { "reference_url": "http://www.securityfocus.com/bid/107668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107668" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020", "reference_id": "1695020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0217.json", "reference_id": "CVE-2019-0217", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0217.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217", "reference_id": "CVE-2019-0217", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2343", "reference_id": "RHSA-2019:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3436", "reference_id": "RHSA-2019:3436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2019-0217" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3819?format=api", "vulnerability_id": "VCID-wrw6-uzz4-rkfb", "summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. \nNo included modules pass untrusted data to these functions, but third-party / external modules may.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97171", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97199", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97193", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97183", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119", "reference_id": "2005119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-39275.json", "reference_id": "CVE-2021-39275", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-39275.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0891", "reference_id": "RHSA-2022:0891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-39275" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3770?format=api", "vulnerability_id": "VCID-wshe-gf99-tbg6", "summary": "A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97235", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.9722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.9723", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97234", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97219", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7659" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463199", "reference_id": "1463199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463199" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7659.json", "reference_id": "CVE-2017-7659", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7659.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-7659" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wshe-gf99-tbg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3825?format=api", "vulnerability_id": "VCID-xwnu-h1xh-3bg6", "summary": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).\nThe Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one.\n\nThis issue affects Apache HTTP Server 2.4.51 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86011", "scoring_system": "epss", "scoring_elements": "0.99393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87092", "scoring_system": "epss", "scoring_elements": "0.99437", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.87092", "scoring_system": "epss", "scoring_elements": "0.99438", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.87092", "scoring_system": "epss", "scoring_elements": "0.99439", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.87092", "scoring_system": "epss", "scoring_elements": "0.99441", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034674", "reference_id": "2034674", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034674" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py", "reference_id": "CVE-2021-44790", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-44790.json", "reference_id": "CVE-2021-44790", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-44790.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0258", "reference_id": "RHSA-2022:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0288", "reference_id": "RHSA-2022:0288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0288" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0303", "reference_id": "RHSA-2022:0303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1136", "reference_id": "RHSA-2022:1136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1137", "reference_id": "RHSA-2022:1137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1138", "reference_id": "RHSA-2022:1138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1139", "reference_id": "RHSA-2022:1139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1139" }, { "reference_url": "https://usn.ubuntu.com/5212-1/", "reference_id": "USN-5212-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5212-1/" }, { "reference_url": "https://usn.ubuntu.com/5212-2/", "reference_id": "USN-5212-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5212-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2021-44790" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwnu-h1xh-3bg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3796?format=api", "vulnerability_id": "VCID-y3k1-c4rn-xbc2", "summary": "A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04564", "scoring_system": "epss", "scoring_elements": "0.89159", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04564", "scoring_system": "epss", "scoring_elements": "0.89153", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90652", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90648", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90657", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90624", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90631", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05964", "scoring_system": "epss", "scoring_elements": "0.90643", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868", "reference_id": "1741868", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741868" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-9517.json", "reference_id": "CVE-2019-9517", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-9517.json" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2893", "reference_id": "RHSA-2019:2893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2893" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2950", "reference_id": "RHSA-2019:2950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2019-9517" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3k1-c4rn-xbc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3808?format=api", "vulnerability_id": "VCID-yz3c-arnr-y3cs", "summary": "In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.\nConfiguring the LogLevel of mod_http2 above \"info\" will mitigate this vulnerability for unpatched servers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11993.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11993.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96887", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96919", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96918", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96894", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96899", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96912", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33361", "scoring_system": "epss", "scoring_elements": "0.96914", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866564", "reference_id": "1866564", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866564" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-11993.json", "reference_id": "CVE-2020-11993", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-11993.json" }, { "reference_url": "https://security.gentoo.org/glsa/202008-04", "reference_id": "GLSA-202008-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4383", "reference_id": "RHSA-2020:4383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4384", "reference_id": "RHSA-2020:4384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1809", "reference_id": "RHSA-2021:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1809" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049887?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1" } ], "aliases": [ "CVE-2020-11993" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yz3c-arnr-y3cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3776?format=api", "vulnerability_id": "VCID-zc2p-sfu7-jkhc", "summary": "mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92105", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92097", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.9208", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92085", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599", "reference_id": "1560599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-15710.json", "reference_id": "CVE-2017-15710", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-15710.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035750?format=api", "purl": "pkg:deb/debian/apache2@2.4.10-10%2Bdeb8u12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-2nmh-7tfa-zyb2" }, { "vulnerability": "VCID-2xc4-7zg9-y7fw" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-3wuk-hwg1-6fa6" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-7zer-dq7c-8ffq" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8gcm-7q3n-q7bm" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4kb-21tp-4kc8" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-kv7f-t14h-2bfv" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pc2n-ga7g-byga" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-rfqy-e7pv-dyfy" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-tkm7-pyue-7ffj" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wgte-97r1-j7a9" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.10-10%252Bdeb8u12" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036941?format=api", "purl": "pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1189-ej89-hybs" }, { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-5bej-9h7w-33c8" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-7u2r-egf2-vfhx" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-7vjg-vetg-p7f6" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9qdr-1v39-d7b7" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9vzm-qtye-ufh2" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-apfh-r85v-dbhz" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-ct26-19cq-8kd7" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-e3jc-83a7-8uhh" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fqem-96w3-rucb" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fyrq-yg2u-jkc7" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-jt89-ruvk-1kbj" }, { "vulnerability": "VCID-jzuw-73df-mfff" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-q5wm-suxb-jfeb" }, { "vulnerability": "VCID-qayj-kts9-3fde" }, { "vulnerability": "VCID-qc9j-x576-ayc1" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-scf1-zmu7-e3b2" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-twj7-4qwm-2khv" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-wshe-gf99-tbg6" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zc2p-sfu7-jkhc" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037784?format=api", "purl": "pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17hy-4ppt-xyhw" }, { "vulnerability": "VCID-2d8p-bbc1-hkfa" }, { "vulnerability": "VCID-2e6w-fs4j-17g9" }, { "vulnerability": "VCID-3ay7-bwah-2yd1" }, { "vulnerability": "VCID-3djp-gq4c-1fa9" }, { "vulnerability": "VCID-4c3m-m6ku-kbhq" }, { "vulnerability": "VCID-4d3t-es7p-9qhn" }, { "vulnerability": "VCID-5xrt-1n1q-4bey" }, { "vulnerability": "VCID-66k7-maf9-dfcd" }, { "vulnerability": "VCID-6b7y-562y-suce" }, { "vulnerability": "VCID-6qk8-1cj1-4fh7" }, { "vulnerability": "VCID-6tgh-b4td-63f5" }, { "vulnerability": "VCID-7vfk-1dwm-xbbt" }, { "vulnerability": "VCID-8edq-8rvq-rkf1" }, { "vulnerability": "VCID-8nw9-zpxn-ckab" }, { "vulnerability": "VCID-9tez-97xg-z3bs" }, { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-9ych-ybpr-j3h6" }, { "vulnerability": "VCID-a9rw-3s1y-hqd7" }, { "vulnerability": "VCID-auhk-ppv5-buaa" }, { "vulnerability": "VCID-b68y-4prb-bfdk" }, { "vulnerability": "VCID-b9ks-detx-nkdw" }, { "vulnerability": "VCID-bau7-pme5-ckbt" }, { "vulnerability": "VCID-bvkg-nrwd-e7g8" }, { "vulnerability": "VCID-cqjv-6m9n-mfeq" }, { "vulnerability": "VCID-d36c-rrxh-ybgv" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-edvy-cern-6kcu" }, { "vulnerability": "VCID-eesz-v6ae-gya3" }, { "vulnerability": "VCID-ej7y-7na3-5qby" }, { "vulnerability": "VCID-f2y3-s6j8-7ygr" }, { "vulnerability": "VCID-fsh3-7b9j-dfgf" }, { "vulnerability": "VCID-ftjw-9fb6-d3cw" }, { "vulnerability": "VCID-fz8c-b8r4-1yb8" }, { "vulnerability": "VCID-g55m-t4s1-nfhv" }, { "vulnerability": "VCID-g6xr-qtwz-2yaq" }, { "vulnerability": "VCID-gv84-vfvh-y7hu" }, { "vulnerability": "VCID-h6kk-81jx-h7b8" }, { "vulnerability": "VCID-ha7f-21gy-3qa2" }, { "vulnerability": "VCID-hm3f-m22n-u3gy" }, { "vulnerability": "VCID-htfx-mahy-9kde" }, { "vulnerability": "VCID-k4nk-qqxg-s7e6" }, { "vulnerability": "VCID-kkuy-1j91-9bb2" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-na94-5565-dyfc" }, { "vulnerability": "VCID-p2a1-afnh-7qca" }, { "vulnerability": "VCID-pjxs-hnjr-duey" }, { "vulnerability": "VCID-pnc8-bb23-vqh1" }, { "vulnerability": "VCID-pz6f-mahv-hue8" }, { "vulnerability": "VCID-qjeh-n57t-y7g5" }, { "vulnerability": "VCID-qm7e-n9ay-hufy" }, { "vulnerability": "VCID-r2pc-wuzb-h7hk" }, { "vulnerability": "VCID-r471-g9xs-sbga" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-t67v-c4gx-ukbj" }, { "vulnerability": "VCID-td8g-tmny-jyaa" }, { "vulnerability": "VCID-v41h-pbbe-zfas" }, { "vulnerability": "VCID-varh-ysfr-euc8" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" }, { "vulnerability": "VCID-ww49-y35r-ykdd" }, { "vulnerability": "VCID-xfm9-e5nr-wyat" }, { "vulnerability": "VCID-xhyc-9rpu-2bc8" }, { "vulnerability": "VCID-xnfs-bpwj-3ycp" }, { "vulnerability": "VCID-xwnu-h1xh-3bg6" }, { "vulnerability": "VCID-y3k1-c4rn-xbc2" }, { "vulnerability": "VCID-yz3c-arnr-y3cs" }, { "vulnerability": "VCID-zxet-n94k-57ge" }, { "vulnerability": "VCID-zyyh-n42k-8bhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" } ], "aliases": [ "CVE-2017-15710" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8" }