Package Instance

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26691.json

reference_url

reference_id

CVE-2021-26691

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26691.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:3816
reference_id	RHSA-2021:3816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3816

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:0143
reference_id	RHSA-2022:0143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0143

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-26691

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw

url VCID-2e6w-fs4j-17g9

vulnerability_id VCID-2e6w-fs4j-17g9

summary HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27316

reference_id

reference_type

scores

value	0.89409
scoring_system	epss
scoring_elements	0.99546
published_at	2026-04-13T12:55:00Z

value	0.89409
scoring_system	epss
scoring_elements	0.99542
published_at	2026-04-02T12:55:00Z

value	0.89409
scoring_system	epss
scoring_elements	0.99543
published_at	2026-04-04T12:55:00Z

value	0.89409
scoring_system	epss
scoring_elements	0.99545
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27316

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id	1068412
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412

reference_url

https://www.openwall.com/lists/oss-security/2024/04/03/16

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/

url

https://www.openwall.com/lists/oss-security/2024/04/03/16

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/

url

http://www.openwall.com/lists/oss-security/2024/04/04/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2268277
reference_id	2268277
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2268277

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/

url

http://www.openwall.com/lists/oss-security/2024/04/04/4

reference_url	https://httpd.apache.org/security/json/CVE-2024-27316.json
reference_id	CVE-2024-27316
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-27316.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

reference_id

HT214119

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json

reference_url	https://access.redhat.com/errata/RHSA-2024:1786
reference_id	RHSA-2024:1786
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1786

reference_url	https://access.redhat.com/errata/RHSA-2024:1872
reference_id	RHSA-2024:1872
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1872

reference_url	https://access.redhat.com/errata/RHSA-2024:2564
reference_id	RHSA-2024:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2564

reference_url	https://access.redhat.com/errata/RHSA-2024:2693
reference_id	RHSA-2024:2693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2693

reference_url	https://access.redhat.com/errata/RHSA-2024:2694
reference_id	RHSA-2024:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2694

reference_url	https://access.redhat.com/errata/RHSA-2024:2891
reference_id	RHSA-2024:2891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2891

reference_url	https://access.redhat.com/errata/RHSA-2024:2907
reference_id	RHSA-2024:2907
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2907

reference_url	https://access.redhat.com/errata/RHSA-2024:3402
reference_id	RHSA-2024:3402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3402

reference_url	https://access.redhat.com/errata/RHSA-2024:3417
reference_id	RHSA-2024:3417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3417

reference_url	https://access.redhat.com/errata/RHSA-2024:4390
reference_id	RHSA-2024:4390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4390

reference_url	https://access.redhat.com/errata/RHSA-2025:16668
reference_id	RHSA-2025:16668
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16668

reference_url	https://usn.ubuntu.com/6729-1/
reference_id	USN-6729-1
reference_type
scores
url	https://usn.ubuntu.com/6729-1/

reference_url	https://usn.ubuntu.com/6729-2/
reference_id	USN-6729-2
reference_type
scores
url	https://usn.ubuntu.com/6729-2/

reference_url	https://usn.ubuntu.com/6729-3/
reference_id	USN-6729-3
reference_type
scores
url	https://usn.ubuntu.com/6729-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-27316

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e6w-fs4j-17g9

url VCID-3djp-gq4c-1fa9

vulnerability_id VCID-3djp-gq4c-1fa9

summary A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. We have taken this opportunity to also remove request data from many other in-built error messages. Note however this issue did not affect them directly and their output was already escaped to prevent cross-site scripting attacks.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html

reference_url

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10092

reference_id

reference_type

scores

value	0.82379
scoring_system	epss
scoring_elements	0.99216
published_at	2026-04-01T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99221
published_at	2026-04-04T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99225
published_at	2026-04-13T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99224
published_at	2026-04-07T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99218
published_at	2026-04-02T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99226
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
reference_id
reference_type
scores
url	https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/

reference_url	https://seclists.org/bugtraq/2019/Aug/47
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Aug/47

reference_url	https://seclists.org/bugtraq/2019/Oct/24
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Oct/24

reference_url	https://security.netapp.com/advisory/ntap-20190905-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190905-0003/

reference_url	https://support.f5.com/csp/article/K30442259
reference_id
reference_type
scores
url	https://support.f5.com/csp/article/K30442259

reference_url	https://www.debian.org/security/2019/dsa-4509
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4509

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	http://www.openwall.com/lists/oss-security/2019/08/15/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/08/15/4

reference_url	http://www.openwall.com/lists/oss-security/2020/08/08/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/08/08/1

reference_url	http://www.openwall.com/lists/oss-security/2020/08/08/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/08/08/9

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743956
reference_id	1743956
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743956

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
reference_id	cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
reference_id	cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:::::::*
reference_id	cpe:2.3:a:redhat:software_collection:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap::::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url	https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/
reference_id	CVE-2019-10092
reference_type	exploit
scores
url	https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md
reference_id	CVE-2019-10092
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md

reference_url

https://httpd.apache.org/security/json/CVE-2019-10092.json

reference_id

CVE-2019-10092

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10092.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10092

reference_id

CVE-2019-10092

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10092

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2019:4126
reference_id	RHSA-2019:4126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4126

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9

purl pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-4sss-a8ne-kqbc

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-7vjg-vetg-p7f6

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-ugdv-apr8-g3bz

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2019-10092

risk_score 10.0

exploitability 2.0

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3djp-gq4c-1fa9

url VCID-4c3m-m6ku-kbhq

vulnerability_id VCID-4c3m-m6ku-kbhq

summary

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.

Special characters in the origin response header can truncate/split the response forwarded to the client.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27522

reference_id

reference_type

scores

value	0.00781
scoring_system	epss
scoring_elements	0.7369
published_at	2026-04-13T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73675
published_at	2026-04-04T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73699
published_at	2026-04-12T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73717
published_at	2026-04-11T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73696
published_at	2026-04-09T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73683
published_at	2026-04-08T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73651
published_at	2026-04-02T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73647
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d

reference_url

https://github.com/unbit/uwsgi

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/unbit/uwsgi

reference_url

https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822

reference_url

https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569

reference_url

https://httpd.apache.org/security/vulnerabilities_24.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/

url

https://httpd.apache.org/security/vulnerabilities_24.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html

reference_url

https://security.gentoo.org/glsa/202309-01

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/

url

https://security.gentoo.org/glsa/202309-01

reference_url

https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
reference_id	1032476
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2176211
reference_id	2176211
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2176211

reference_url	https://httpd.apache.org/security/json/CVE-2023-27522.json
reference_id	CVE-2023-27522
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-27522.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-27522

reference_id

CVE-2023-27522

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-27522

reference_url

https://github.com/advisories/GHSA-vcph-37mh-fqrh

reference_id

GHSA-vcph-37mh-fqrh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vcph-37mh-fqrh

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://access.redhat.com/errata/RHSA-2023:5049
reference_id	RHSA-2023:5049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5049

reference_url	https://access.redhat.com/errata/RHSA-2023:5050
reference_id	RHSA-2023:5050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5050

reference_url	https://access.redhat.com/errata/RHSA-2023:6403
reference_id	RHSA-2023:6403
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6403

reference_url	https://access.redhat.com/errata/RHSA-2024:4504
reference_id	RHSA-2024:4504
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4504

reference_url	https://usn.ubuntu.com/5942-1/
reference_id	USN-5942-1
reference_type
scores
url	https://usn.ubuntu.com/5942-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2023-27522, GHSA-vcph-37mh-fqrh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4c3m-m6ku-kbhq

url VCID-4d3t-es7p-9qhn

vulnerability_id VCID-4d3t-es7p-9qhn

summary Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28615

reference_id

reference_type

scores

value	0.01111
scoring_system	epss
scoring_elements	0.78149
published_at	2026-04-13T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78114
published_at	2026-04-07T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78131
published_at	2026-04-04T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78101
published_at	2026-04-02T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78153
published_at	2026-04-12T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78171
published_at	2026-04-11T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78146
published_at	2026-04-09T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.7814
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28615

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
reference_id	1012513
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2095006
reference_id	2095006
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2095006

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/

reference_id

7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/

reference_url

http://www.openwall.com/lists/oss-security/2022/06/08/9

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/

url

http://www.openwall.com/lists/oss-security/2022/06/08/9

reference_url

reference_id

AVG-2763

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-28615.json

reference_url

reference_id

CVE-2022-28615

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-28615.json

reference_url

reference_id

GLSA-202208-20

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/

url

https://security.netapp.com/advisory/ntap-20220624-0005/

reference_url

reference_id

ntap-20220624-0005

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/

url

https://security.netapp.com/advisory/ntap-20220624-0005/

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5487-1/
reference_id	USN-5487-1
reference_type
scores
url	https://usn.ubuntu.com/5487-1/

reference_url	https://usn.ubuntu.com/5487-3/
reference_id	USN-5487-3
reference_type
scores
url	https://usn.ubuntu.com/5487-3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/

reference_id

YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-28615

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn

url VCID-5xrt-1n1q-4bey

vulnerability_id VCID-5xrt-1n1q-4bey

summary In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1927

reference_id

reference_type

scores

value	0.11302
scoring_system	epss
scoring_elements	0.93495
published_at	2026-04-01T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93527
published_at	2026-04-12T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93511
published_at	2026-04-07T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93519
published_at	2026-04-08T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93522
published_at	2026-04-09T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93528
published_at	2026-04-13T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93504
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/

reference_url	https://security.netapp.com/advisory/ntap-20200413-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200413-0002/

reference_url	https://www.debian.org/security/2020/dsa-4757
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4757

reference_url	https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	http://www.openwall.com/lists/oss-security/2020/04/03/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/04/03/1

reference_url	http://www.openwall.com/lists/oss-security/2020/04/04/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/04/04/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1820761
reference_id	1820761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1820761

reference_url	https://security.archlinux.org/ASA-202004-14
reference_id	ASA-202004-14
reference_type
scores
url	https://security.archlinux.org/ASA-202004-14

reference_url

reference_id

AVG-1126

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-1927.json

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*
reference_id	cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:::::::*
reference_id	cpe:2.3:a:oracle:sd-wan_aware:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
reference_id	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:::::::*
reference_id	cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url

reference_id

CVE-2020-1927

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-1927.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1927

reference_id

CVE-2020-1927

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1927

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:2263
reference_id	RHSA-2020:2263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2263

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4458-1/
reference_id	USN-4458-1
reference_type
scores
url	https://usn.ubuntu.com/4458-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2020-1927

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey

url VCID-66k7-maf9-dfcd

vulnerability_id VCID-66k7-maf9-dfcd

summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35452

reference_id

reference_type

scores

value	0.10695
scoring_system	epss
scoring_elements	0.93289
published_at	2026-04-01T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93319
published_at	2026-04-13T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93315
published_at	2026-04-09T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.9332
published_at	2026-04-11T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93318
published_at	2026-04-12T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93297
published_at	2026-04-02T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93303
published_at	2026-04-04T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93302
published_at	2026-04-07T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93311
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966724
reference_id	1966724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966724

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-35452.json

reference_url

reference_id

CVE-2020-35452

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-35452.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:1915
reference_id	RHSA-2022:1915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1915

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2020-35452

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd

url VCID-6b7y-562y-suce

vulnerability_id VCID-6b7y-562y-suce

summary

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.

This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.

This issue affected  mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31618

reference_id

reference_type

scores

value	0.11001
scoring_system	epss
scoring_elements	0.93424
published_at	2026-04-12T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.934
published_at	2026-04-02T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93416
published_at	2026-04-08T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93392
published_at	2026-04-01T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93408
published_at	2026-04-07T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93425
published_at	2026-04-13T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93419
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31618

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1968013
reference_id	1968013
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1968013

reference_url

http://www.openwall.com/lists/oss-security/2024/03/13/2

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

http://www.openwall.com/lists/oss-security/2024/03/13/2

reference_url

https://seclists.org/oss-sec/2021/q2/206

reference_id

206

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://seclists.org/oss-sec/2021/q2/206

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/

reference_id

2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/

reference_url

http://www.openwall.com/lists/oss-security/2021/06/10/9

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

http://www.openwall.com/lists/oss-security/2021/06/10/9

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562
reference_id	989562
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/

reference_id

A73QJ4HPUMU26I6EULG6SCK67TUEXZYR

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/

reference_url	https://security.archlinux.org/ASA-202106-23
reference_id	ASA-202106-23
reference_type
scores
url	https://security.archlinux.org/ASA-202106-23

reference_url

https://security.archlinux.org/AVG-2041

reference_id

AVG-2041

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2041

reference_url

https://httpd.apache.org/security/json/CVE-2021-31618.json

reference_id

CVE-2021-31618

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-31618.json

reference_url

https://www.debian.org/security/2021/dsa-4937

reference_id

dsa-4937

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://www.debian.org/security/2021/dsa-4937

reference_url

https://security.gentoo.org/glsa/202107-38

reference_id

GLSA-202107-38

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://security.gentoo.org/glsa/202107-38

reference_url

https://security.netapp.com/advisory/ntap-20210727-0008/

reference_id

ntap-20210727-0008

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://security.netapp.com/advisory/ntap-20210727-0008/

reference_url

https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E

reference_id

r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E

reference_id

r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-31618

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce

url VCID-6qk8-1cj1-4fh7

vulnerability_id VCID-6qk8-1cj1-4fh7

summary Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-36760

reference_id

reference_type

scores

value	0.00291
scoring_system	epss
scoring_elements	0.52542
published_at	2026-04-13T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52508
published_at	2026-04-04T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52475
published_at	2026-04-07T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52528
published_at	2026-04-08T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52522
published_at	2026-04-09T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52573
published_at	2026-04-11T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52558
published_at	2026-04-12T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52481
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2161777
reference_id	2161777
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2161777

reference_url

reference_id

AVG-2824

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json

reference_url	https://httpd.apache.org/security/json/CVE-2022-36760.json
reference_id	CVE-2022-36760
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2022-36760.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0852
reference_id	RHSA-2023:0852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0852

reference_url	https://access.redhat.com/errata/RHSA-2023:0970
reference_id	RHSA-2023:0970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0970

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://usn.ubuntu.com/5834-1/
reference_id	USN-5834-1
reference_type
scores
url	https://usn.ubuntu.com/5834-1/

reference_url	https://usn.ubuntu.com/5839-1/
reference_id	USN-5839-1
reference_type
scores
url	https://usn.ubuntu.com/5839-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-36760

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7

url VCID-6tgh-b4td-63f5

vulnerability_id VCID-6tgh-b4td-63f5

summary

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.

references

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39573

reference_id

reference_type

scores

value	0.0316
scoring_system	epss
scoring_elements	0.86917
published_at	2026-04-13T12:55:00Z

value	0.0316
scoring_system	epss
scoring_elements	0.86886
published_at	2026-04-07T12:55:00Z

value	0.0316
scoring_system	epss
scoring_elements	0.86906
published_at	2026-04-08T12:55:00Z

value	0.0316
scoring_system	epss
scoring_elements	0.86914
published_at	2026-04-09T12:55:00Z

value	0.0316
scoring_system	epss
scoring_elements	0.86927
published_at	2026-04-11T12:55:00Z

value	0.0316
scoring_system	epss
scoring_elements	0.86923
published_at	2026-04-12T12:55:00Z

value	0.0316
scoring_system	epss
scoring_elements	0.86873
published_at	2026-04-02T12:55:00Z

value	0.0316
scoring_system	epss
scoring_elements	0.86891
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39573

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295022
reference_id	2295022
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295022

reference_url	https://httpd.apache.org/security/json/CVE-2024-39573.json
reference_id	CVE-2024-39573
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-39573.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_id

ntap-20240712-0001

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-01T20:41:48Z/

url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:4720
reference_id	RHSA-2024:4720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4720

reference_url	https://access.redhat.com/errata/RHSA-2024:4726
reference_id	RHSA-2024:4726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4726

reference_url	https://access.redhat.com/errata/RHSA-2024:5001
reference_id	RHSA-2024:5001
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5001

reference_url	https://access.redhat.com/errata/RHSA-2024:5239
reference_id	RHSA-2024:5239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5239

reference_url	https://access.redhat.com/errata/RHSA-2024:5240
reference_id	RHSA-2024:5240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5240

reference_url	https://usn.ubuntu.com/6885-1/
reference_id	USN-6885-1
reference_type
scores
url	https://usn.ubuntu.com/6885-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-39573

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tgh-b4td-63f5

url VCID-7vfk-1dwm-xbbt

vulnerability_id VCID-7vfk-1dwm-xbbt

summary When mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10097.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10097.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10097

reference_id

reference_type

scores

value	0.22907
scoring_system	epss
scoring_elements	0.95861
published_at	2026-04-01T12:55:00Z

value	0.22907
scoring_system	epss
scoring_elements	0.95896
published_at	2026-04-13T12:55:00Z

value	0.22907
scoring_system	epss
scoring_elements	0.95881
published_at	2026-04-07T12:55:00Z

value	0.22907
scoring_system	epss
scoring_elements	0.95889
published_at	2026-04-08T12:55:00Z

value	0.22907
scoring_system	epss
scoring_elements	0.95892
published_at	2026-04-09T12:55:00Z

value	0.22907
scoring_system	epss
scoring_elements	0.95895
published_at	2026-04-12T12:55:00Z

value	0.22907
scoring_system	epss
scoring_elements	0.95869
published_at	2026-04-02T12:55:00Z

value	0.22907
scoring_system	epss
scoring_elements	0.95877
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743996
reference_id	1743996
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743996

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.34:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.35:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.37:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.38:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
reference_id	cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*

reference_url

https://httpd.apache.org/security/json/CVE-2019-10097.json

reference_id

CVE-2019-10097

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10097.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10097

reference_id

CVE-2019-10097

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10097

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2019:4126
reference_id	RHSA-2019:4126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4126

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2019-10097

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vfk-1dwm-xbbt

url VCID-8edq-8rvq-rkf1

vulnerability_id VCID-8edq-8rvq-rkf1

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38475

reference_id

reference_type

scores

value	0.93858
scoring_system	epss
scoring_elements	0.99869
published_at	2026-04-13T12:55:00Z

value	0.93858
scoring_system	epss
scoring_elements	0.99867
published_at	2026-04-09T12:55:00Z

value	0.93858
scoring_system	epss
scoring_elements	0.99868
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295014
reference_id	2295014
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295014

reference_url	https://httpd.apache.org/security/json/CVE-2024-38475.json
reference_id	CVE-2024-38475
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-38475.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_id

ntap-20240712-0001

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-05-02T03:55:18Z/

url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:4719
reference_id	RHSA-2024:4719
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4719

reference_url	https://access.redhat.com/errata/RHSA-2024:4720
reference_id	RHSA-2024:4720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4720

reference_url	https://access.redhat.com/errata/RHSA-2024:4726
reference_id	RHSA-2024:4726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4726

reference_url	https://access.redhat.com/errata/RHSA-2024:4820
reference_id	RHSA-2024:4820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4820

reference_url	https://access.redhat.com/errata/RHSA-2024:4827
reference_id	RHSA-2024:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4827

reference_url	https://access.redhat.com/errata/RHSA-2024:4830
reference_id	RHSA-2024:4830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4830

reference_url	https://access.redhat.com/errata/RHSA-2024:4862
reference_id	RHSA-2024:4862
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4862

reference_url	https://access.redhat.com/errata/RHSA-2024:4863
reference_id	RHSA-2024:4863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4863

reference_url	https://access.redhat.com/errata/RHSA-2024:4938
reference_id	RHSA-2024:4938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4938

reference_url	https://access.redhat.com/errata/RHSA-2024:4943
reference_id	RHSA-2024:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4943

reference_url	https://access.redhat.com/errata/RHSA-2024:5239
reference_id	RHSA-2024:5239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5239

reference_url	https://access.redhat.com/errata/RHSA-2024:5240
reference_id	RHSA-2024:5240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5240

reference_url	https://usn.ubuntu.com/6885-1/
reference_id	USN-6885-1
reference_type
scores
url	https://usn.ubuntu.com/6885-1/

reference_url	https://usn.ubuntu.com/6885-3/
reference_id	USN-6885-3
reference_type
scores
url	https://usn.ubuntu.com/6885-3/

reference_url	https://usn.ubuntu.com/6885-5/
reference_id	USN-6885-5
reference_type
scores
url	https://usn.ubuntu.com/6885-5/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-38475

risk_score 10.0

exploitability 2.0

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8edq-8rvq-rkf1

url VCID-8nw9-zpxn-ckab

vulnerability_id VCID-8nw9-zpxn-ckab

summary

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38476

reference_id

reference_type

scores

value	0.03452
scoring_system	epss
scoring_elements	0.87515
published_at	2026-04-13T12:55:00Z

value	0.03452
scoring_system	epss
scoring_elements	0.87486
published_at	2026-04-07T12:55:00Z

value	0.03452
scoring_system	epss
scoring_elements	0.87505
published_at	2026-04-08T12:55:00Z

value	0.03452
scoring_system	epss
scoring_elements	0.87512
published_at	2026-04-09T12:55:00Z

value	0.03452
scoring_system	epss
scoring_elements	0.87523
published_at	2026-04-11T12:55:00Z

value	0.03452
scoring_system	epss
scoring_elements	0.87519
published_at	2026-04-12T12:55:00Z

value	0.03545
scoring_system	epss
scoring_elements	0.87649
published_at	2026-04-04T12:55:00Z

value	0.03545
scoring_system	epss
scoring_elements	0.87636
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295015
reference_id	2295015
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295015

reference_url	https://httpd.apache.org/security/json/CVE-2024-38476.json
reference_id	CVE-2024-38476
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-38476.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_id

ntap-20240712-0001

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T03:55:12Z/

url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:5138
reference_id	RHSA-2024:5138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5138

reference_url	https://access.redhat.com/errata/RHSA-2024:5193
reference_id	RHSA-2024:5193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5193

reference_url	https://access.redhat.com/errata/RHSA-2024:5239
reference_id	RHSA-2024:5239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5239

reference_url	https://access.redhat.com/errata/RHSA-2024:5240
reference_id	RHSA-2024:5240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5240

reference_url	https://access.redhat.com/errata/RHSA-2024:5812
reference_id	RHSA-2024:5812
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5812

reference_url	https://access.redhat.com/errata/RHSA-2024:5832
reference_id	RHSA-2024:5832
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5832

reference_url	https://access.redhat.com/errata/RHSA-2024:6136
reference_id	RHSA-2024:6136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6136

reference_url	https://access.redhat.com/errata/RHSA-2024:6467
reference_id	RHSA-2024:6467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6467

reference_url	https://access.redhat.com/errata/RHSA-2024:6468
reference_id	RHSA-2024:6468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6468

reference_url	https://access.redhat.com/errata/RHSA-2024:6583
reference_id	RHSA-2024:6583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6583

reference_url	https://access.redhat.com/errata/RHSA-2024:6584
reference_id	RHSA-2024:6584
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6584

reference_url	https://access.redhat.com/errata/RHSA-2024:7101
reference_id	RHSA-2024:7101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7101

reference_url	https://usn.ubuntu.com/6885-1/
reference_id	USN-6885-1
reference_type
scores
url	https://usn.ubuntu.com/6885-1/

reference_url	https://usn.ubuntu.com/6885-3/
reference_id	USN-6885-3
reference_type
scores
url	https://usn.ubuntu.com/6885-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-38476

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nw9-zpxn-ckab

url VCID-9u53-b79b-cfgd

vulnerability_id VCID-9u53-b79b-cfgd

summary

Malformed requests may cause the server to dereference a NULL pointer.


This issue affects Apache HTTP Server 2.4.48 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-34798

reference_id

reference_type

scores

value	0.1029
scoring_system	epss
scoring_elements	0.93141
published_at	2026-04-01T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93171
published_at	2026-04-13T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93166
published_at	2026-04-09T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93172
published_at	2026-04-11T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93169
published_at	2026-04-12T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93151
published_at	2026-04-02T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93154
published_at	2026-04-04T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93153
published_at	2026-04-07T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93162
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005128
reference_id	2005128
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005128

reference_url

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-34798.json

reference_url

reference_id

CVE-2021-34798

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-34798.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:0143
reference_id	RHSA-2022:0143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0143

reference_url	https://access.redhat.com/errata/RHSA-2022:0891
reference_id	RHSA-2022:0891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0891

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

reference_url	https://usn.ubuntu.com/5090-2/
reference_id	USN-5090-2
reference_type
scores
url	https://usn.ubuntu.com/5090-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-34798

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd

url VCID-9ych-ybpr-j3h6

vulnerability_id VCID-9ych-ybpr-j3h6

summary Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13950

reference_id

reference_type

scores

value	0.21543
scoring_system	epss
scoring_elements	0.95684
published_at	2026-04-01T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95718
published_at	2026-04-13T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95714
published_at	2026-04-09T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95717
published_at	2026-04-11T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95716
published_at	2026-04-12T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95693
published_at	2026-04-02T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95698
published_at	2026-04-04T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95701
published_at	2026-04-07T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.9571
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966738
reference_id	1966738
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966738

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-13950.json

reference_url

reference_id

CVE-2020-13950

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-13950.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:5163
reference_id	RHSA-2022:5163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5163

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2020-13950

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6

url VCID-a9rw-3s1y-hqd7

vulnerability_id VCID-a9rw-3s1y-hqd7

summary Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10082

reference_id

reference_type

scores

value	0.47892
scoring_system	epss
scoring_elements	0.97695
published_at	2026-04-01T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97717
published_at	2026-04-13T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97707
published_at	2026-04-08T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.9771
published_at	2026-04-09T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97713
published_at	2026-04-11T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97716
published_at	2026-04-12T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97701
published_at	2026-04-02T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97703
published_at	2026-04-04T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97702
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743974
reference_id	1743974
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743974

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
reference_id	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
reference_id	cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*

reference_url

https://httpd.apache.org/security/json/CVE-2019-10082.json

reference_id

CVE-2019-10082

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10082.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10082

reference_id

CVE-2019-10082

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10082

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9

purl pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-4sss-a8ne-kqbc

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-7vjg-vetg-p7f6

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-ugdv-apr8-g3bz

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2019-10082

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9rw-3s1y-hqd7

url VCID-auhk-ppv5-buaa

vulnerability_id VCID-auhk-ppv5-buaa

summary in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1934

reference_id

reference_type

scores

value	0.38657
scoring_system	epss
scoring_elements	0.97221
published_at	2026-04-01T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97248
published_at	2026-04-13T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97233
published_at	2026-04-07T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97242
published_at	2026-04-08T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97243
published_at	2026-04-09T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97247
published_at	2026-04-11T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97227
published_at	2026-04-02T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97232
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/

reference_url	https://security.netapp.com/advisory/ntap-20200413-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200413-0002/

reference_url	https://www.debian.org/security/2020/dsa-4757
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4757

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1820772
reference_id	1820772
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1820772

reference_url	https://security.archlinux.org/ASA-202004-14
reference_id	ASA-202004-14
reference_type
scores
url	https://security.archlinux.org/ASA-202004-14

reference_url

reference_id

AVG-1126

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-1934.json

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
reference_id	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url

reference_id

CVE-2020-1934

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-1934.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1934

reference_id

CVE-2020-1934

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1934

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4458-1/
reference_id	USN-4458-1
reference_type
scores
url	https://usn.ubuntu.com/4458-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2020-1934

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa

url VCID-b68y-4prb-bfdk

vulnerability_id VCID-b68y-4prb-bfdk

summary Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31122

reference_id

reference_type

scores

value	0.0043
scoring_system	epss
scoring_elements	0.6251
published_at	2026-04-02T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62559
published_at	2026-04-13T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62543
published_at	2026-04-04T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62508
published_at	2026-04-07T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.6256
published_at	2026-04-08T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62575
published_at	2026-04-09T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62593
published_at	2026-04-11T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62582
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2245332
reference_id	2245332
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2245332

reference_url	https://httpd.apache.org/security/json/CVE-2023-31122.json
reference_id	CVE-2023-31122
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-31122.json

reference_url

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

reference_id

msg00013.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

reference_url

https://security.netapp.com/advisory/ntap-20231027-0011/

reference_id

ntap-20231027-0011

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://security.netapp.com/advisory/ntap-20231027-0011/

reference_url	https://access.redhat.com/errata/RHSA-2024:1316
reference_id	RHSA-2024:1316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1316

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:2278
reference_id	RHSA-2024:2278
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2278

reference_url	https://access.redhat.com/errata/RHSA-2024:3121
reference_id	RHSA-2024:3121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3121

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/

reference_id

TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/

reference_url	https://usn.ubuntu.com/6506-1/
reference_id	USN-6506-1
reference_type
scores
url	https://usn.ubuntu.com/6506-1/

reference_url	https://usn.ubuntu.com/6510-1/
reference_id	USN-6510-1
reference_type
scores
url	https://usn.ubuntu.com/6510-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/

reference_id

VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/

reference_id

ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2023-31122

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b68y-4prb-bfdk

url VCID-bau7-pme5-ckbt

vulnerability_id VCID-bau7-pme5-ckbt

summary

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-24795

reference_id

reference_type

scores

value	0.01123
scoring_system	epss
scoring_elements	0.78267
published_at	2026-04-13T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78264
published_at	2026-04-09T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78289
published_at	2026-04-11T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78271
published_at	2026-04-12T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78219
published_at	2026-04-02T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78249
published_at	2026-04-04T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78231
published_at	2026-04-07T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78258
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id	1068412
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2273499
reference_id	2273499
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2273499

reference_url	https://httpd.apache.org/security/json/CVE-2024-24795.json
reference_id	CVE-2024-24795
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-24795.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url	https://access.redhat.com/errata/RHSA-2024:9306
reference_id	RHSA-2024:9306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9306

reference_url	https://access.redhat.com/errata/RHSA-2025:3452
reference_id	RHSA-2025:3452
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3452

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://usn.ubuntu.com/6729-1/
reference_id	USN-6729-1
reference_type
scores
url	https://usn.ubuntu.com/6729-1/

reference_url	https://usn.ubuntu.com/6729-2/
reference_id	USN-6729-2
reference_type
scores
url	https://usn.ubuntu.com/6729-2/

reference_url	https://usn.ubuntu.com/6729-3/
reference_id	USN-6729-3
reference_type
scores
url	https://usn.ubuntu.com/6729-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-24795

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bau7-pme5-ckbt

url VCID-bvkg-nrwd-e7g8

vulnerability_id VCID-bvkg-nrwd-e7g8

summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26690

reference_id

reference_type

scores

value	0.70379
scoring_system	epss
scoring_elements	0.98675
published_at	2026-04-02T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98687
published_at	2026-04-13T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98682
published_at	2026-04-08T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98683
published_at	2026-04-09T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98685
published_at	2026-04-12T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98678
published_at	2026-04-04T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98681
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966729
reference_id	1966729
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966729

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26690.json

reference_url

reference_id

CVE-2021-26690

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26690.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4257
reference_id	RHSA-2021:4257
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4257

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-26690

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8

url VCID-cqjv-6m9n-mfeq

vulnerability_id VCID-cqjv-6m9n-mfeq

summary

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).

This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44224

reference_id

reference_type

scores

value	0.1096
scoring_system	epss
scoring_elements	0.93382
published_at	2026-04-01T12:55:00Z

value	0.1096
scoring_system	epss
scoring_elements	0.93414
published_at	2026-04-12T12:55:00Z

value	0.1096
scoring_system	epss
scoring_elements	0.93409
published_at	2026-04-09T12:55:00Z

value	0.1096
scoring_system	epss
scoring_elements	0.93415
published_at	2026-04-13T12:55:00Z

value	0.1096
scoring_system	epss
scoring_elements	0.9339
published_at	2026-04-02T12:55:00Z

value	0.1096
scoring_system	epss
scoring_elements	0.93398
published_at	2026-04-07T12:55:00Z

value	0.1096
scoring_system	epss
scoring_elements	0.93406
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44224

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2034672
reference_id	2034672
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2034672

reference_url

https://httpd.apache.org/security/json/CVE-2021-44224.json

reference_id

CVE-2021-44224

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-44224.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:1915
reference_id	RHSA-2022:1915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1915

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7143
reference_id	RHSA-2022:7143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7143

reference_url	https://access.redhat.com/errata/RHSA-2022:7144
reference_id	RHSA-2022:7144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7144

reference_url	https://usn.ubuntu.com/5212-1/
reference_id	USN-5212-1
reference_type
scores
url	https://usn.ubuntu.com/5212-1/

reference_url	https://usn.ubuntu.com/5212-2/
reference_id	USN-5212-2
reference_type
scores
url	https://usn.ubuntu.com/5212-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-44224

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqjv-6m9n-mfeq

url VCID-d36c-rrxh-ybgv

vulnerability_id VCID-d36c-rrxh-ybgv

summary In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29404

reference_id

reference_type

scores

value	0.0232
scoring_system	epss
scoring_elements	0.84797
published_at	2026-04-13T12:55:00Z

value	0.0232
scoring_system	epss
scoring_elements	0.84788
published_at	2026-04-09T12:55:00Z

value	0.0232
scoring_system	epss
scoring_elements	0.84806
published_at	2026-04-11T12:55:00Z

value	0.0232
scoring_system	epss
scoring_elements	0.84802
published_at	2026-04-12T12:55:00Z

value	0.0232
scoring_system	epss
scoring_elements	0.84738
published_at	2026-04-02T12:55:00Z

value	0.0232
scoring_system	epss
scoring_elements	0.84757
published_at	2026-04-04T12:55:00Z

value	0.0232
scoring_system	epss
scoring_elements	0.84759
published_at	2026-04-07T12:55:00Z

value	0.0232
scoring_system	epss
scoring_elements	0.84781
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
reference_id	1012513
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2095012
reference_id	2095012
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2095012

reference_url

reference_id

AVG-2763

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-29404.json

reference_url

reference_id

CVE-2022-29404

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-29404.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://usn.ubuntu.com/5487-1/
reference_id	USN-5487-1
reference_type
scores
url	https://usn.ubuntu.com/5487-1/

reference_url	https://usn.ubuntu.com/5487-3/
reference_id	USN-5487-3
reference_type
scores
url	https://usn.ubuntu.com/5487-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-29404

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv

url VCID-db6k-j9mj-e7hy

vulnerability_id VCID-db6k-j9mj-e7hy

summary

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.

This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-33193

reference_id

reference_type

scores

value	0.00739
scoring_system	epss
scoring_elements	0.72839
published_at	2026-04-01T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.729
published_at	2026-04-12T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72879
published_at	2026-04-08T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72892
published_at	2026-04-13T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72917
published_at	2026-04-11T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72846
published_at	2026-04-02T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72866
published_at	2026-04-04T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72841
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-33193

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966728
reference_id	1966728
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966728

reference_url

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-33193.json

reference_url

reference_id

CVE-2021-33193

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-33193.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:1915
reference_id	RHSA-2022:1915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1915

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7143
reference_id	RHSA-2022:7143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7143

reference_url	https://access.redhat.com/errata/RHSA-2022:7144
reference_id	RHSA-2022:7144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7144

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-33193

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy

url VCID-edvy-cern-6kcu

vulnerability_id VCID-edvy-cern-6kcu

summary

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.




Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
 or ProxyPassMatch in which a non-specific pattern matches
 some portion of the user-supplied request-target (URL) data and is then
 re-inserted into the proxied request-target using variable 
substitution. For example, something like:




RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/


Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25690

reference_id

reference_type

scores

value	0.68183
scoring_system	epss
scoring_elements	0.98587
published_at	2026-04-02T12:55:00Z

value	0.68183
scoring_system	epss
scoring_elements	0.98591
published_at	2026-04-04T12:55:00Z

value	0.68183
scoring_system	epss
scoring_elements	0.98592
published_at	2026-04-07T12:55:00Z

value	0.68183
scoring_system	epss
scoring_elements	0.98595
published_at	2026-04-08T12:55:00Z

value	0.68183
scoring_system	epss
scoring_elements	0.98596
published_at	2026-04-09T12:55:00Z

value	0.68183
scoring_system	epss
scoring_elements	0.98598
published_at	2026-04-11T12:55:00Z

value	0.68183
scoring_system	epss
scoring_elements	0.98599
published_at	2026-04-12T12:55:00Z

value	0.68183
scoring_system	epss
scoring_elements	0.986
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
reference_id	1032476
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2176209
reference_id	2176209
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2176209

reference_url

http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html

reference_id

Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-18T15:37:02Z/

url

http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html

reference_url	https://httpd.apache.org/security/json/CVE-2023-25690.json
reference_id	CVE-2023-25690
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-25690.json

reference_url	https://access.redhat.com/errata/RHSA-2023:1547
reference_id	RHSA-2023:1547
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1547

reference_url	https://access.redhat.com/errata/RHSA-2023:1593
reference_id	RHSA-2023:1593
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1593

reference_url	https://access.redhat.com/errata/RHSA-2023:1596
reference_id	RHSA-2023:1596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1596

reference_url	https://access.redhat.com/errata/RHSA-2023:1597
reference_id	RHSA-2023:1597
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1597

reference_url	https://access.redhat.com/errata/RHSA-2023:1670
reference_id	RHSA-2023:1670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1670

reference_url	https://access.redhat.com/errata/RHSA-2023:1672
reference_id	RHSA-2023:1672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1672

reference_url	https://access.redhat.com/errata/RHSA-2023:1673
reference_id	RHSA-2023:1673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1673

reference_url	https://access.redhat.com/errata/RHSA-2023:1916
reference_id	RHSA-2023:1916
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1916

reference_url	https://access.redhat.com/errata/RHSA-2023:3292
reference_id	RHSA-2023:3292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3292

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://usn.ubuntu.com/5942-1/
reference_id	USN-5942-1
reference_type
scores
url	https://usn.ubuntu.com/5942-1/

reference_url	https://usn.ubuntu.com/5942-2/
reference_id	USN-5942-2
reference_type
scores
url	https://usn.ubuntu.com/5942-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2023-25690

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edvy-cern-6kcu

url VCID-eesz-v6ae-gya3

vulnerability_id VCID-eesz-v6ae-gya3

summary In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9490

reference_id

reference_type

scores

value	0.76276
scoring_system	epss
scoring_elements	0.98919
published_at	2026-04-01T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98929
published_at	2026-04-13T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98926
published_at	2026-04-09T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98928
published_at	2026-04-11T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.9892
published_at	2026-04-02T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98922
published_at	2026-04-04T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98925
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9490

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1866560
reference_id	1866560
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1866560

reference_url

https://httpd.apache.org/security/json/CVE-2020-9490.json

reference_id

CVE-2020-9490

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-9490.json

reference_url	https://security.gentoo.org/glsa/202008-04
reference_id	GLSA-202008-04
reference_type
scores
url	https://security.gentoo.org/glsa/202008-04

reference_url	https://access.redhat.com/errata/RHSA-2020:3714
reference_id	RHSA-2020:3714
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3714

reference_url	https://access.redhat.com/errata/RHSA-2020:3726
reference_id	RHSA-2020:3726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3726

reference_url	https://access.redhat.com/errata/RHSA-2020:3733
reference_id	RHSA-2020:3733
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3733

reference_url	https://access.redhat.com/errata/RHSA-2020:3734
reference_id	RHSA-2020:3734
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3734

reference_url	https://usn.ubuntu.com/4458-1/
reference_id	USN-4458-1
reference_type
scores
url	https://usn.ubuntu.com/4458-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2020-9490

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eesz-v6ae-gya3

url VCID-ej7y-7na3-5qby

vulnerability_id VCID-ej7y-7na3-5qby

summary

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in
directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38474

reference_id

reference_type

scores

value	0.00744
scoring_system	epss
scoring_elements	0.73027
published_at	2026-04-13T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.72979
published_at	2026-04-07T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73016
published_at	2026-04-08T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.7303
published_at	2026-04-09T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73055
published_at	2026-04-11T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73034
published_at	2026-04-12T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.72983
published_at	2026-04-02T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73003
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295013
reference_id	2295013
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295013

reference_url	https://httpd.apache.org/security/json/CVE-2024-38474.json
reference_id	CVE-2024-38474
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-38474.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_id

ntap-20240712-0001

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:02:41Z/

url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:4719
reference_id	RHSA-2024:4719
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4719

reference_url	https://access.redhat.com/errata/RHSA-2024:4720
reference_id	RHSA-2024:4720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4720

reference_url	https://access.redhat.com/errata/RHSA-2024:4726
reference_id	RHSA-2024:4726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4726

reference_url	https://access.redhat.com/errata/RHSA-2024:4820
reference_id	RHSA-2024:4820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4820

reference_url	https://access.redhat.com/errata/RHSA-2024:4827
reference_id	RHSA-2024:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4827

reference_url	https://access.redhat.com/errata/RHSA-2024:4830
reference_id	RHSA-2024:4830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4830

reference_url	https://access.redhat.com/errata/RHSA-2024:4862
reference_id	RHSA-2024:4862
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4862

reference_url	https://access.redhat.com/errata/RHSA-2024:4863
reference_id	RHSA-2024:4863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4863

reference_url	https://access.redhat.com/errata/RHSA-2024:4938
reference_id	RHSA-2024:4938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4938

reference_url	https://access.redhat.com/errata/RHSA-2024:4943
reference_id	RHSA-2024:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4943

reference_url	https://access.redhat.com/errata/RHSA-2024:5239
reference_id	RHSA-2024:5239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5239

reference_url	https://access.redhat.com/errata/RHSA-2024:5240
reference_id	RHSA-2024:5240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5240

reference_url	https://usn.ubuntu.com/6885-1/
reference_id	USN-6885-1
reference_type
scores
url	https://usn.ubuntu.com/6885-1/

reference_url	https://usn.ubuntu.com/6885-3/
reference_id	USN-6885-3
reference_type
scores
url	https://usn.ubuntu.com/6885-3/

reference_url	https://usn.ubuntu.com/6885-5/
reference_id	USN-6885-5
reference_type
scores
url	https://usn.ubuntu.com/6885-5/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-38474

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ej7y-7na3-5qby

url VCID-f2y3-s6j8-7ygr

vulnerability_id VCID-f2y3-s6j8-7ygr

summary Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17567

reference_id

reference_type

scores

value	0.12438
scoring_system	epss
scoring_elements	0.93865
published_at	2026-04-01T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93903
published_at	2026-04-12T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93895
published_at	2026-04-08T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93898
published_at	2026-04-09T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93902
published_at	2026-04-13T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93874
published_at	2026-04-02T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93883
published_at	2026-04-04T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93886
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17567

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966740
reference_id	1966740
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966740

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-17567.json

reference_url

reference_id

CVE-2019-17567

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-17567.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2019-17567

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr

url VCID-ftjw-9fb6-d3cw

vulnerability_id VCID-ftjw-9fb6-d3cw

summary

Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38473

reference_id

reference_type

scores

value	0.88261
scoring_system	epss
scoring_elements	0.99492
published_at	2026-04-13T12:55:00Z

value	0.88261
scoring_system	epss
scoring_elements	0.99486
published_at	2026-04-02T12:55:00Z

value	0.88261
scoring_system	epss
scoring_elements	0.99488
published_at	2026-04-04T12:55:00Z

value	0.88261
scoring_system	epss
scoring_elements	0.9949
published_at	2026-04-07T12:55:00Z

value	0.88261
scoring_system	epss
scoring_elements	0.99491
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295012
reference_id	2295012
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295012

reference_url	https://httpd.apache.org/security/json/CVE-2024-38473.json
reference_id	CVE-2024-38473
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-38473.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_id

ntap-20240712-0001

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-24T13:55:35Z/

url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:4720
reference_id	RHSA-2024:4720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4720

reference_url	https://access.redhat.com/errata/RHSA-2024:4726
reference_id	RHSA-2024:4726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4726

reference_url	https://access.redhat.com/errata/RHSA-2024:5001
reference_id	RHSA-2024:5001
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5001

reference_url	https://access.redhat.com/errata/RHSA-2024:5239
reference_id	RHSA-2024:5239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5239

reference_url	https://access.redhat.com/errata/RHSA-2024:5240
reference_id	RHSA-2024:5240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5240

reference_url	https://usn.ubuntu.com/6885-1/
reference_id	USN-6885-1
reference_type
scores
url	https://usn.ubuntu.com/6885-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-38473

risk_score 10.0

exploitability 2.0

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftjw-9fb6-d3cw

url VCID-fz8c-b8r4-1yb8

vulnerability_id VCID-fz8c-b8r4-1yb8

summary

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.

This issue affects Apache HTTP Server 2.4.54 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-20001

reference_id

reference_type

scores

value	0.00439
scoring_system	epss
scoring_elements	0.63051
published_at	2026-04-01T12:55:00Z

value	0.00439
scoring_system	epss
scoring_elements	0.63154
published_at	2026-04-13T12:55:00Z

value	0.00439
scoring_system	epss
scoring_elements	0.63157
published_at	2026-04-08T12:55:00Z

value	0.00439
scoring_system	epss
scoring_elements	0.63174
published_at	2026-04-09T12:55:00Z

value	0.00439
scoring_system	epss
scoring_elements	0.63191
published_at	2026-04-11T12:55:00Z

value	0.00439
scoring_system	epss
scoring_elements	0.63176
published_at	2026-04-12T12:55:00Z

value	0.00439
scoring_system	epss
scoring_elements	0.6311
published_at	2026-04-02T12:55:00Z

value	0.00439
scoring_system	epss
scoring_elements	0.6314
published_at	2026-04-04T12:55:00Z

value	0.00439
scoring_system	epss
scoring_elements	0.63105
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2161774
reference_id	2161774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2161774

reference_url

reference_id

AVG-2824

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23943.json

reference_url	https://httpd.apache.org/security/json/CVE-2006-20001.json
reference_id	CVE-2006-20001
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2006-20001.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0852
reference_id	RHSA-2023:0852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0852

reference_url	https://access.redhat.com/errata/RHSA-2023:0970
reference_id	RHSA-2023:0970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0970

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://usn.ubuntu.com/5834-1/
reference_id	USN-5834-1
reference_type
scores
url	https://usn.ubuntu.com/5834-1/

reference_url	https://usn.ubuntu.com/5839-1/
reference_id	USN-5839-1
reference_type
scores
url	https://usn.ubuntu.com/5839-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2006-20001

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8

url VCID-g55m-t4s1-nfhv

vulnerability_id VCID-g55m-t4s1-nfhv

summary

Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.

This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23943.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23943

reference_id

reference_type

scores

value	0.60552
scoring_system	epss
scoring_elements	0.98286
published_at	2026-04-13T12:55:00Z

value	0.60552
scoring_system	epss
scoring_elements	0.98284
published_at	2026-04-11T12:55:00Z

value	0.60552
scoring_system	epss
scoring_elements	0.98285
published_at	2026-04-12T12:55:00Z

value	0.60552
scoring_system	epss
scoring_elements	0.98273
published_at	2026-04-02T12:55:00Z

value	0.60552
scoring_system	epss
scoring_elements	0.98275
published_at	2026-04-07T12:55:00Z

value	0.60552
scoring_system	epss
scoring_elements	0.9828
published_at	2026-04-08T12:55:00Z

value	0.60552
scoring_system	epss
scoring_elements	0.98281
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23943

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064319
reference_id	2064319
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064319

reference_url

https://httpd.apache.org/security/json/CVE-2022-23943.json

reference_id

CVE-2022-23943

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-23943.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5333-1/
reference_id	USN-5333-1
reference_type
scores
url	https://usn.ubuntu.com/5333-1/

reference_url	https://usn.ubuntu.com/5333-2/
reference_id	USN-5333-2
reference_type
scores
url	https://usn.ubuntu.com/5333-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-23943

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g55m-t4s1-nfhv

url VCID-g6xr-qtwz-2yaq

vulnerability_id VCID-g6xr-qtwz-2yaq

summary Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30641

reference_id

reference_type

scores

value	0.36362
scoring_system	epss
scoring_elements	0.97082
published_at	2026-04-01T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97111
published_at	2026-04-13T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97105
published_at	2026-04-09T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97109
published_at	2026-04-11T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.9711
published_at	2026-04-12T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97089
published_at	2026-04-02T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97094
published_at	2026-04-04T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97095
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966743
reference_id	1966743
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966743

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-30641.json

reference_url

reference_id

CVE-2021-30641

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-30641.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4257
reference_id	RHSA-2021:4257
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4257

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-30641

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq

url VCID-gv84-vfvh-y7hu

vulnerability_id VCID-gv84-vfvh-y7hu

summary If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30522

reference_id

reference_type

scores

value	0.11589
scoring_system	epss
scoring_elements	0.93644
published_at	2026-04-13T12:55:00Z

value	0.11589
scoring_system	epss
scoring_elements	0.93636
published_at	2026-04-08T12:55:00Z

value	0.11589
scoring_system	epss
scoring_elements	0.93638
published_at	2026-04-09T12:55:00Z

value	0.11589
scoring_system	epss
scoring_elements	0.93643
published_at	2026-04-12T12:55:00Z

value	0.11589
scoring_system	epss
scoring_elements	0.93616
published_at	2026-04-02T12:55:00Z

value	0.11589
scoring_system	epss
scoring_elements	0.93625
published_at	2026-04-04T12:55:00Z

value	0.11589
scoring_system	epss
scoring_elements	0.93627
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
reference_id	1012513
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2095015
reference_id	2095015
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2095015

reference_url

reference_id

AVG-2763

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-30522.json

reference_url

reference_id

CVE-2022-30522

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-30522.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5487-1/
reference_id	USN-5487-1
reference_type
scores
url	https://usn.ubuntu.com/5487-1/

reference_url	https://usn.ubuntu.com/5487-3/
reference_id	USN-5487-3
reference_type
scores
url	https://usn.ubuntu.com/5487-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-30522

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu

url VCID-h6kk-81jx-h7b8

vulnerability_id VCID-h6kk-81jx-h7b8

summary Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10098

reference_id

reference_type

scores

value	0.80306
scoring_system	epss
scoring_elements	0.99111
published_at	2026-04-01T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.99114
published_at	2026-04-04T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.99119
published_at	2026-04-11T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.99117
published_at	2026-04-07T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.99112
published_at	2026-04-02T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.9912
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2020.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	http://www.openwall.com/lists/oss-security/2020/04/01/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/04/01/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743959
reference_id	1743959
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743959

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/
reference_id	CVE-2019-10098
reference_type	exploit
scores
url	https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md
reference_id	CVE-2019-10098
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md

reference_url

https://httpd.apache.org/security/json/CVE-2019-10098.json

reference_id

CVE-2019-10098

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10098.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10098

reference_id

CVE-2019-10098

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10098

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:2263
reference_id	RHSA-2020:2263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2263

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9

purl pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-4sss-a8ne-kqbc

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-7vjg-vetg-p7f6

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-ugdv-apr8-g3bz

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2019-10098

risk_score 10.0

exploitability 2.0

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6kk-81jx-h7b8

url VCID-hm3f-m22n-u3gy

vulnerability_id VCID-hm3f-m22n-u3gy

summary Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30556

reference_id

reference_type

scores

value	0.00506
scoring_system	epss
scoring_elements	0.66229
published_at	2026-04-13T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66253
published_at	2026-04-09T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66273
published_at	2026-04-11T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.6626
published_at	2026-04-12T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66195
published_at	2026-04-02T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66222
published_at	2026-04-04T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66192
published_at	2026-04-07T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.6624
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30556

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
reference_id	1012513
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2095018
reference_id	2095018
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2095018

reference_url

reference_id

AVG-2763

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-30556.json

reference_url

reference_id

CVE-2022-30556

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-30556.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://usn.ubuntu.com/5487-1/
reference_id	USN-5487-1
reference_type
scores
url	https://usn.ubuntu.com/5487-1/

reference_url	https://usn.ubuntu.com/5487-3/
reference_id	USN-5487-3
reference_type
scores
url	https://usn.ubuntu.com/5487-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-30556

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy

url VCID-htfx-mahy-9kde

vulnerability_id VCID-htfx-mahy-9kde

summary Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37436

reference_id

reference_type

scores

value	0.00463
scoring_system	epss
scoring_elements	0.64237
published_at	2026-04-13T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64235
published_at	2026-04-04T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64196
published_at	2026-04-07T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64246
published_at	2026-04-08T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64262
published_at	2026-04-09T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64275
published_at	2026-04-11T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64264
published_at	2026-04-12T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64208
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2161773
reference_id	2161773
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2161773

reference_url

reference_id

AVG-2824

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22720.json

reference_url	https://httpd.apache.org/security/json/CVE-2022-37436.json
reference_id	CVE-2022-37436
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2022-37436.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0852
reference_id	RHSA-2023:0852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0852

reference_url	https://access.redhat.com/errata/RHSA-2023:0970
reference_id	RHSA-2023:0970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0970

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://usn.ubuntu.com/5839-1/
reference_id	USN-5839-1
reference_type
scores
url	https://usn.ubuntu.com/5839-1/

reference_url	https://usn.ubuntu.com/5839-2/
reference_id	USN-5839-2
reference_type
scores
url	https://usn.ubuntu.com/5839-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-37436

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde

url VCID-k4nk-qqxg-s7e6

vulnerability_id VCID-k4nk-qqxg-s7e6

summary Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

references

reference_url

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22720.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22720

reference_id

reference_type

scores

value	0.27458
scoring_system	epss
scoring_elements	0.96418
published_at	2026-04-13T12:55:00Z

value	0.27458
scoring_system	epss
scoring_elements	0.96414
published_at	2026-04-11T12:55:00Z

value	0.27458
scoring_system	epss
scoring_elements	0.96415
published_at	2026-04-12T12:55:00Z

value	0.27458
scoring_system	epss
scoring_elements	0.9639
published_at	2026-04-02T12:55:00Z

value	0.27458
scoring_system	epss
scoring_elements	0.96395
published_at	2026-04-04T12:55:00Z

value	0.27458
scoring_system	epss
scoring_elements	0.96398
published_at	2026-04-07T12:55:00Z

value	0.27458
scoring_system	epss
scoring_elements	0.96407
published_at	2026-04-08T12:55:00Z

value	0.27458
scoring_system	epss
scoring_elements	0.96409
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064321
reference_id	2064321
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064321

reference_url

https://httpd.apache.org/security/json/CVE-2022-22720.json

reference_id

CVE-2022-22720

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-22720.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:1045
reference_id	RHSA-2022:1045
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1045

reference_url	https://access.redhat.com/errata/RHSA-2022:1049
reference_id	RHSA-2022:1049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1049

reference_url	https://access.redhat.com/errata/RHSA-2022:1072
reference_id	RHSA-2022:1072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1072

reference_url	https://access.redhat.com/errata/RHSA-2022:1075
reference_id	RHSA-2022:1075
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1075

reference_url	https://access.redhat.com/errata/RHSA-2022:1080
reference_id	RHSA-2022:1080
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1080

reference_url	https://access.redhat.com/errata/RHSA-2022:1102
reference_id	RHSA-2022:1102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1102

reference_url	https://access.redhat.com/errata/RHSA-2022:1136
reference_id	RHSA-2022:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1136

reference_url	https://access.redhat.com/errata/RHSA-2022:1137
reference_id	RHSA-2022:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1137

reference_url	https://access.redhat.com/errata/RHSA-2022:1138
reference_id	RHSA-2022:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1138

reference_url	https://access.redhat.com/errata/RHSA-2022:1139
reference_id	RHSA-2022:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1139

reference_url	https://access.redhat.com/errata/RHSA-2022:1173
reference_id	RHSA-2022:1173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1173

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/5333-1/
reference_id	USN-5333-1
reference_type
scores
url	https://usn.ubuntu.com/5333-1/

reference_url	https://usn.ubuntu.com/5333-2/
reference_id	USN-5333-2
reference_type
scores
url	https://usn.ubuntu.com/5333-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-22720

risk_score 3.8

exploitability 0.5

weighted_severity 7.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4nk-qqxg-s7e6

url VCID-kkuy-1j91-9bb2

vulnerability_id VCID-kkuy-1j91-9bb2

summary

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.

This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45802

reference_id

reference_type

scores

value	0.01741
scoring_system	epss
scoring_elements	0.82453
published_at	2026-04-02T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82511
published_at	2026-04-13T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.8252
published_at	2026-04-11T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82516
published_at	2026-04-12T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82471
published_at	2026-04-04T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82467
published_at	2026-04-07T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82495
published_at	2026-04-08T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82501
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2243877
reference_id	2243877
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2243877

reference_url	https://httpd.apache.org/security/json/CVE-2023-45802.json
reference_id	CVE-2023-45802
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-45802.json

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2024:2368
reference_id	RHSA-2024:2368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2368

reference_url	https://access.redhat.com/errata/RHSA-2024:2891
reference_id	RHSA-2024:2891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2891

reference_url	https://access.redhat.com/errata/RHSA-2024:3121
reference_id	RHSA-2024:3121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3121

reference_url	https://usn.ubuntu.com/6506-1/
reference_id	USN-6506-1
reference_type
scores
url	https://usn.ubuntu.com/6506-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2023-45802

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkuy-1j91-9bb2

url VCID-mtg7-8556-kbgd

vulnerability_id VCID-mtg7-8556-kbgd

summary

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.

This issue affects Apache HTTP Server 2.4.48 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40438

reference_id

reference_type

scores

value	0.94432
scoring_system	epss
scoring_elements	0.99985
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005117
reference_id	2005117
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005117

reference_url

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ

reference_url

reference_id

cisco-sa-apache-httpd-2.4.49-VWL69sWQ

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ

reference_url

https://httpd.apache.org/security/json/CVE-2021-40438.json

reference_id

CVE-2021-40438

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-40438.json

reference_url

https://www.debian.org/security/2021/dsa-4982

reference_id

dsa-4982

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://www.debian.org/security/2021/dsa-4982

reference_url

reference_id

GLSA-202208-20

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html

reference_url

reference_id

msg00001.html

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html

reference_url

https://security.netapp.com/advisory/ntap-20211008-0004/

reference_id

ntap-20211008-0004

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://security.netapp.com/advisory/ntap-20211008-0004/

reference_url

https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E

reference_id

r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E

reference_id

r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E

reference_id

r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E

reference_id

r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E

reference_id

r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E

reference_id

r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E

reference_id

rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E

reference_url	https://access.redhat.com/errata/RHSA-2021:3745
reference_id	RHSA-2021:3745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3745

reference_url	https://access.redhat.com/errata/RHSA-2021:3746
reference_id	RHSA-2021:3746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3746

reference_url	https://access.redhat.com/errata/RHSA-2021:3754
reference_id	RHSA-2021:3754
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3754

reference_url	https://access.redhat.com/errata/RHSA-2021:3816
reference_id	RHSA-2021:3816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3816

reference_url	https://access.redhat.com/errata/RHSA-2021:3836
reference_id	RHSA-2021:3836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3836

reference_url	https://access.redhat.com/errata/RHSA-2021:3837
reference_id	RHSA-2021:3837
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3837

reference_url	https://access.redhat.com/errata/RHSA-2021:3856
reference_id	RHSA-2021:3856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3856

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/

reference_id

SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf

reference_id

ssa-685781.pdf

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf

reference_url

https://www.tenable.com/security/tns-2021-17

reference_id

tns-2021-17

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://www.tenable.com/security/tns-2021-17

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

reference_url	https://usn.ubuntu.com/5090-2/
reference_id	USN-5090-2
reference_type
scores
url	https://usn.ubuntu.com/5090-2/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/

reference_id

ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-40438

risk_score 10.0

exploitability 2.0

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd

url VCID-na94-5565-dyfc

vulnerability_id VCID-na94-5565-dyfc

summary

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.

Modules compiled and distributed separately from Apache HTTP Server that use the "ap_rputs" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-28614

reference_id

reference_type

scores

value	0.00593
scoring_system	epss
scoring_elements	0.69266
published_at	2026-04-13T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69289
published_at	2026-04-09T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69311
published_at	2026-04-11T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69295
published_at	2026-04-12T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.6922
published_at	2026-04-02T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.6924
published_at	2026-04-04T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69221
published_at	2026-04-07T12:55:00Z

value	0.00593
scoring_system	epss
scoring_elements	0.69271
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-28614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
reference_id	1012513
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2095002
reference_id	2095002
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2095002

reference_url

reference_id

AVG-2763

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-28614.json

reference_url

reference_id

CVE-2022-28614

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-28614.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5487-1/
reference_id	USN-5487-1
reference_type
scores
url	https://usn.ubuntu.com/5487-1/

reference_url	https://usn.ubuntu.com/5487-3/
reference_id	USN-5487-3
reference_type
scores
url	https://usn.ubuntu.com/5487-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-28614

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc

url VCID-p2a1-afnh-7qca

vulnerability_id VCID-p2a1-afnh-7qca

summary

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.
This may be used to bypass IP based authentication on the origin server/application.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31813

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11522
published_at	2026-04-11T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11369
published_at	2026-04-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11453
published_at	2026-04-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11511
published_at	2026-04-09T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13255
published_at	2026-04-13T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13379
published_at	2026-04-02T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13443
published_at	2026-04-04T12:55:00Z

value	0.00043
scoring_system	epss
scoring_elements	0.13305
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31813

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
reference_id	1012513
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2095020
reference_id	2095020
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2095020

reference_url

reference_id

AVG-2763

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-31813.json

reference_url

reference_id

CVE-2022-31813

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-31813.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5487-1/
reference_id	USN-5487-1
reference_type
scores
url	https://usn.ubuntu.com/5487-1/

reference_url	https://usn.ubuntu.com/5487-3/
reference_id	USN-5487-3
reference_type
scores
url	https://usn.ubuntu.com/5487-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-31813

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca

url VCID-pjxs-hnjr-duey

vulnerability_id VCID-pjxs-hnjr-duey

summary

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-38477

reference_id

reference_type

scores

value	0.01148
scoring_system	epss
scoring_elements	0.78479
published_at	2026-04-12T12:55:00Z

value	0.01148
scoring_system	epss
scoring_elements	0.78472
published_at	2026-04-13T12:55:00Z

value	0.01148
scoring_system	epss
scoring_elements	0.78498
published_at	2026-04-11T12:55:00Z

value	0.01347
scoring_system	epss
scoring_elements	0.80057
published_at	2026-04-04T12:55:00Z

value	0.01347
scoring_system	epss
scoring_elements	0.80036
published_at	2026-04-02T12:55:00Z

value	0.01347
scoring_system	epss
scoring_elements	0.80046
published_at	2026-04-07T12:55:00Z

value	0.01347
scoring_system	epss
scoring_elements	0.80075
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-38477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295016
reference_id	2295016
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295016

reference_url	https://httpd.apache.org/security/json/CVE-2024-38477.json
reference_id	CVE-2024-38477
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-38477.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_id

ntap-20240712-0001

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:23:13Z/

url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:4719
reference_id	RHSA-2024:4719
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4719

reference_url	https://access.redhat.com/errata/RHSA-2024:4720
reference_id	RHSA-2024:4720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4720

reference_url	https://access.redhat.com/errata/RHSA-2024:4726
reference_id	RHSA-2024:4726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4726

reference_url	https://access.redhat.com/errata/RHSA-2024:4820
reference_id	RHSA-2024:4820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4820

reference_url	https://access.redhat.com/errata/RHSA-2024:4827
reference_id	RHSA-2024:4827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4827

reference_url	https://access.redhat.com/errata/RHSA-2024:4830
reference_id	RHSA-2024:4830
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4830

reference_url	https://access.redhat.com/errata/RHSA-2024:4862
reference_id	RHSA-2024:4862
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4862

reference_url	https://access.redhat.com/errata/RHSA-2024:4863
reference_id	RHSA-2024:4863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4863

reference_url	https://access.redhat.com/errata/RHSA-2024:4938
reference_id	RHSA-2024:4938
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4938

reference_url	https://access.redhat.com/errata/RHSA-2024:4943
reference_id	RHSA-2024:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4943

reference_url	https://access.redhat.com/errata/RHSA-2024:5239
reference_id	RHSA-2024:5239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5239

reference_url	https://access.redhat.com/errata/RHSA-2024:5240
reference_id	RHSA-2024:5240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5240

reference_url	https://usn.ubuntu.com/6885-1/
reference_id	USN-6885-1
reference_type
scores
url	https://usn.ubuntu.com/6885-1/

reference_url	https://usn.ubuntu.com/6885-3/
reference_id	USN-6885-3
reference_type
scores
url	https://usn.ubuntu.com/6885-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-38477

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjxs-hnjr-duey

url VCID-pnc8-bb23-vqh1

vulnerability_id VCID-pnc8-bb23-vqh1

summary

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.

This issue affects Apache HTTP Server 2.4.52 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22719.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22719.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22719

reference_id

reference_type

scores

value	0.29312
scoring_system	epss
scoring_elements	0.96593
published_at	2026-04-11T12:55:00Z

value	0.29312
scoring_system	epss
scoring_elements	0.96591
published_at	2026-04-09T12:55:00Z

value	0.29312
scoring_system	epss
scoring_elements	0.96578
published_at	2026-04-04T12:55:00Z

value	0.29312
scoring_system	epss
scoring_elements	0.96581
published_at	2026-04-07T12:55:00Z

value	0.29312
scoring_system	epss
scoring_elements	0.96589
published_at	2026-04-08T12:55:00Z

value	0.29312
scoring_system	epss
scoring_elements	0.96573
published_at	2026-04-02T12:55:00Z

value	0.29423
scoring_system	epss
scoring_elements	0.96602
published_at	2026-04-13T12:55:00Z

value	0.29423
scoring_system	epss
scoring_elements	0.96599
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22719

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064322
reference_id	2064322
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064322

reference_url

https://httpd.apache.org/security/json/CVE-2022-22719.json

reference_id

CVE-2022-22719

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-22719.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://usn.ubuntu.com/5333-1/
reference_id	USN-5333-1
reference_type
scores
url	https://usn.ubuntu.com/5333-1/

reference_url	https://usn.ubuntu.com/5333-2/
reference_id	USN-5333-2
reference_type
scores
url	https://usn.ubuntu.com/5333-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-22719

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnc8-bb23-vqh1

url VCID-pz6f-mahv-hue8

vulnerability_id VCID-pz6f-mahv-hue8

summary

A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.61, which fixes this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-39884

reference_id

reference_type

scores

value	0.00246
scoring_system	epss
scoring_elements	0.47857
published_at	2026-04-13T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47828
published_at	2026-04-02T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.4785
published_at	2026-04-04T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47799
published_at	2026-04-07T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47851
published_at	2026-04-08T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47847
published_at	2026-04-12T12:55:00Z

value	0.00246
scoring_system	epss
scoring_elements	0.47871
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-39884

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295761
reference_id	2295761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295761

reference_url

http://www.openwall.com/lists/oss-security/2024/07/17/6

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/

url

http://www.openwall.com/lists/oss-security/2024/07/17/6

reference_url	https://httpd.apache.org/security/json/CVE-2024-39884.json
reference_id	CVE-2024-39884
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-39884.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://security.netapp.com/advisory/ntap-20240712-0002/

reference_id

ntap-20240712-0002

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/

url

https://security.netapp.com/advisory/ntap-20240712-0002/

reference_url	https://usn.ubuntu.com/6885-1/
reference_id	USN-6885-1
reference_type
scores
url	https://usn.ubuntu.com/6885-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-39884

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pz6f-mahv-hue8

url VCID-qjeh-n57t-y7g5

vulnerability_id VCID-qjeh-n57t-y7g5

summary

A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.62, which fixes this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40725.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40725.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-40725

reference_id

reference_type

scores

value	0.25097
scoring_system	epss
scoring_elements	0.96177
published_at	2026-04-13T12:55:00Z

value	0.25097
scoring_system	epss
scoring_elements	0.96159
published_at	2026-04-07T12:55:00Z

value	0.25097
scoring_system	epss
scoring_elements	0.96169
published_at	2026-04-08T12:55:00Z

value	0.25097
scoring_system	epss
scoring_elements	0.96173
published_at	2026-04-09T12:55:00Z

value	0.25097
scoring_system	epss
scoring_elements	0.96175
published_at	2026-04-12T12:55:00Z

value	0.25097
scoring_system	epss
scoring_elements	0.96154
published_at	2026-04-04T12:55:00Z

value	0.26567
scoring_system	epss
scoring_elements	0.96301
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-40725

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2297362
reference_id	2297362
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2297362

reference_url	https://httpd.apache.org/security/json/CVE-2024-40725.json
reference_id	CVE-2024-40725
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-40725.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url	https://usn.ubuntu.com/6902-1/
reference_id	USN-6902-1
reference_type
scores
url	https://usn.ubuntu.com/6902-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-40725

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjeh-n57t-y7g5

url VCID-qm7e-n9ay-hufy

vulnerability_id VCID-qm7e-n9ay-hufy

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-26377

reference_id

reference_type

scores

value	0.39296
scoring_system	epss
scoring_elements	0.97289
published_at	2026-04-13T12:55:00Z

value	0.39296
scoring_system	epss
scoring_elements	0.97287
published_at	2026-04-11T12:55:00Z

value	0.39296
scoring_system	epss
scoring_elements	0.97288
published_at	2026-04-12T12:55:00Z

value	0.3988
scoring_system	epss
scoring_elements	0.97321
published_at	2026-04-09T12:55:00Z

value	0.3988
scoring_system	epss
scoring_elements	0.97314
published_at	2026-04-07T12:55:00Z

value	0.3988
scoring_system	epss
scoring_elements	0.97308
published_at	2026-04-02T12:55:00Z

value	0.3988
scoring_system	epss
scoring_elements	0.97313
published_at	2026-04-04T12:55:00Z

value	0.3988
scoring_system	epss
scoring_elements	0.9732
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-26377

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513
reference_id	1012513
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2094997
reference_id	2094997
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2094997

reference_url

reference_id

AVG-2763

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-26377.json

reference_url

reference_id

CVE-2022-26377

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-26377.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5487-1/
reference_id	USN-5487-1
reference_type
scores
url	https://usn.ubuntu.com/5487-1/

reference_url	https://usn.ubuntu.com/5487-3/
reference_id	USN-5487-3
reference_type
scores
url	https://usn.ubuntu.com/5487-3/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-26377

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy

url VCID-r2pc-wuzb-h7hk

vulnerability_id VCID-r2pc-wuzb-h7hk

summary Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36387.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36387.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-36387

reference_id

reference_type

scores

value	0.0014
scoring_system	epss
scoring_elements	0.3415
published_at	2026-04-13T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34143
published_at	2026-04-07T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34186
published_at	2026-04-08T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34215
published_at	2026-04-09T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34216
published_at	2026-04-11T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34173
published_at	2026-04-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34247
published_at	2026-04-02T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.3428
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-36387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2295006
reference_id	2295006
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2295006

reference_url	https://httpd.apache.org/security/json/CVE-2024-36387.json
reference_id	CVE-2024-36387
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-36387.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_id

ntap-20240712-0001

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:22:03Z/

url

https://security.netapp.com/advisory/ntap-20240712-0001/

reference_url	https://access.redhat.com/errata/RHSA-2024:8680
reference_id	RHSA-2024:8680
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8680

reference_url	https://access.redhat.com/errata/RHSA-2025:3452
reference_id	RHSA-2025:3452
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3452

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://usn.ubuntu.com/6885-1/
reference_id	USN-6885-1
reference_type
scores
url	https://usn.ubuntu.com/6885-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2024-36387

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2pc-wuzb-h7hk

url VCID-rdtq-8ng5-53fn

vulnerability_id VCID-rdtq-8ng5-53fn

summary

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).

This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-36160

reference_id

reference_type

scores

value	0.03716
scoring_system	epss
scoring_elements	0.8792
published_at	2026-04-01T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87977
published_at	2026-04-13T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87974
published_at	2026-04-09T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87985
published_at	2026-04-11T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87978
published_at	2026-04-12T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.8793
published_at	2026-04-02T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87943
published_at	2026-04-04T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87947
published_at	2026-04-07T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87968
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005124
reference_id	2005124
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005124

reference_url

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-36160.json

reference_url

reference_id

CVE-2021-36160

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-36160.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:1915
reference_id	RHSA-2022:1915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1915

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7143
reference_id	RHSA-2022:7143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7143

reference_url	https://access.redhat.com/errata/RHSA-2022:7144
reference_id	RHSA-2022:7144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7144

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-36160

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn

url VCID-t67v-c4gx-ukbj

vulnerability_id VCID-t67v-c4gx-ukbj

summary In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11984.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11984.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11984

reference_id

reference_type

scores

value	0.75348
scoring_system	epss
scoring_elements	0.98877
published_at	2026-04-01T12:55:00Z

value	0.75348
scoring_system	epss
scoring_elements	0.98887
published_at	2026-04-13T12:55:00Z

value	0.75348
scoring_system	epss
scoring_elements	0.98885
published_at	2026-04-08T12:55:00Z

value	0.75348
scoring_system	epss
scoring_elements	0.98886
published_at	2026-04-12T12:55:00Z

value	0.75348
scoring_system	epss
scoring_elements	0.98879
published_at	2026-04-02T12:55:00Z

value	0.75348
scoring_system	epss
scoring_elements	0.98881
published_at	2026-04-04T12:55:00Z

value	0.75348
scoring_system	epss
scoring_elements	0.98883
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1866563
reference_id	1866563
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1866563

reference_url

https://httpd.apache.org/security/json/CVE-2020-11984.json

reference_id

CVE-2020-11984

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-11984.json

reference_url	https://security.gentoo.org/glsa/202008-04
reference_id	GLSA-202008-04
reference_type
scores
url	https://security.gentoo.org/glsa/202008-04

reference_url	https://access.redhat.com/errata/RHSA-2020:4383
reference_id	RHSA-2020:4383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4383

reference_url	https://access.redhat.com/errata/RHSA-2020:4384
reference_id	RHSA-2020:4384
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4384

reference_url	https://access.redhat.com/errata/RHSA-2021:1809
reference_id	RHSA-2021:1809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1809

reference_url	https://usn.ubuntu.com/4458-1/
reference_id	USN-4458-1
reference_type
scores
url	https://usn.ubuntu.com/4458-1/

reference_url	https://usn.ubuntu.com/5054-1/
reference_id	USN-5054-1
reference_type
scores
url	https://usn.ubuntu.com/5054-1/

reference_url	https://usn.ubuntu.com/USN-5054-2/
reference_id	USN-USN-5054-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5054-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2020-11984

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t67v-c4gx-ukbj

url VCID-v41h-pbbe-zfas

vulnerability_id VCID-v41h-pbbe-zfas

summary HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10081

reference_id

reference_type

scores

value	0.28784
scoring_system	epss
scoring_elements	0.96516
published_at	2026-04-01T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96549
published_at	2026-04-13T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96544
published_at	2026-04-09T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96546
published_at	2026-04-12T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96525
published_at	2026-04-02T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96529
published_at	2026-04-04T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96533
published_at	2026-04-07T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96542
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743966
reference_id	1743966
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743966

reference_url

https://httpd.apache.org/security/json/CVE-2019-10081.json

reference_id

CVE-2019-10081

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10081.json

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9

purl pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-4sss-a8ne-kqbc

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-7vjg-vetg-p7f6

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-ugdv-apr8-g3bz

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2019-10081

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v41h-pbbe-zfas

url VCID-wrw6-uzz4-rkfb

vulnerability_id VCID-wrw6-uzz4-rkfb

summary

ap_escape_quotes() may write beyond the end of a buffer when given malicious input.  
No included modules pass untrusted data to these functions, but third-party / external modules may.

This issue affects Apache HTTP Server 2.4.48 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39275

reference_id

reference_type

scores

value	0.37674
scoring_system	epss
scoring_elements	0.97171
published_at	2026-04-01T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97199
published_at	2026-04-13T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97193
published_at	2026-04-08T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97194
published_at	2026-04-09T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97198
published_at	2026-04-11T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97177
published_at	2026-04-02T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97183
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005119
reference_id	2005119
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005119

reference_url

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-39275.json

reference_url

reference_id

CVE-2021-39275

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-39275.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:0143
reference_id	RHSA-2022:0143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0143

reference_url	https://access.redhat.com/errata/RHSA-2022:0891
reference_id	RHSA-2022:0891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0891

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7143
reference_id	RHSA-2022:7143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7143

reference_url	https://access.redhat.com/errata/RHSA-2022:7144
reference_id	RHSA-2022:7144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7144

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

reference_url	https://usn.ubuntu.com/5090-2/
reference_id	USN-5090-2
reference_type
scores
url	https://usn.ubuntu.com/5090-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

purl pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-2e6w-fs4j-17g9

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4c3m-m6ku-kbhq

vulnerability	VCID-4d3t-es7p-9qhn

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6b7y-562y-suce

vulnerability	VCID-6qk8-1cj1-4fh7

vulnerability	VCID-6tgh-b4td-63f5

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-8edq-8rvq-rkf1

vulnerability	VCID-8nw9-zpxn-ckab

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-b68y-4prb-bfdk

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-bau7-pme5-ckbt

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-cqjv-6m9n-mfeq

vulnerability	VCID-d36c-rrxh-ybgv

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-edvy-cern-6kcu

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ej7y-7na3-5qby

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ftjw-9fb6-d3cw

vulnerability	VCID-fz8c-b8r4-1yb8

vulnerability	VCID-g55m-t4s1-nfhv

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-gv84-vfvh-y7hu

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-hm3f-m22n-u3gy

vulnerability	VCID-htfx-mahy-9kde

vulnerability	VCID-k4nk-qqxg-s7e6

vulnerability	VCID-kkuy-1j91-9bb2

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-na94-5565-dyfc

vulnerability	VCID-p2a1-afnh-7qca

vulnerability	VCID-pjxs-hnjr-duey

vulnerability	VCID-pnc8-bb23-vqh1

vulnerability	VCID-pz6f-mahv-hue8

vulnerability	VCID-qjeh-n57t-y7g5

vulnerability	VCID-qm7e-n9ay-hufy

vulnerability	VCID-r2pc-wuzb-h7hk

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-wrw6-uzz4-rkfb

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-xfm9-e5nr-wyat

vulnerability	VCID-xhyc-9rpu-2bc8

vulnerability	VCID-xnfs-bpwj-3ycp

vulnerability	VCID-xwnu-h1xh-3bg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2021-39275

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb

url VCID-xfm9-e5nr-wyat

vulnerability_id VCID-xfm9-e5nr-wyat

summary

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.

This issue affects Apache HTTP Server 2.4.52 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22721.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22721.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22721

reference_id

reference_type

scores

value	0.13159
scoring_system	epss
scoring_elements	0.94126
published_at	2026-04-11T12:55:00Z

value	0.13159
scoring_system	epss
scoring_elements	0.94121
published_at	2026-04-09T12:55:00Z

value	0.13159
scoring_system	epss
scoring_elements	0.94104
published_at	2026-04-04T12:55:00Z

value	0.13159
scoring_system	epss
scoring_elements	0.94108
published_at	2026-04-07T12:55:00Z

value	0.13159
scoring_system	epss
scoring_elements	0.94117
published_at	2026-04-08T12:55:00Z

value	0.13159
scoring_system	epss
scoring_elements	0.94093
published_at	2026-04-02T12:55:00Z

value	0.13224
scoring_system	epss
scoring_elements	0.94143
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22721

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064320
reference_id	2064320
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064320

reference_url

https://httpd.apache.org/security/json/CVE-2022-22721.json

reference_id

CVE-2022-22721

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2022-22721.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7647
reference_id	RHSA-2022:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7647

reference_url	https://access.redhat.com/errata/RHSA-2022:8067
reference_id	RHSA-2022:8067
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8067

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5333-1/
reference_id	USN-5333-1
reference_type
scores
url	https://usn.ubuntu.com/5333-1/

reference_url	https://usn.ubuntu.com/5333-2/
reference_id	USN-5333-2
reference_type
scores
url	https://usn.ubuntu.com/5333-2/

fixed_packages

url pkg:deb/debian/apache2@2.4.62-1~deb11u1

purl pkg:deb/debian/apache2@2.4.62-1~deb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d8p-bbc1-hkfa

vulnerability	VCID-3ay7-bwah-2yd1

vulnerability	VCID-9tez-97xg-z3bs

vulnerability	VCID-b9ks-detx-nkdw

vulnerability	VCID-fsh3-7b9j-dfgf

vulnerability	VCID-ha7f-21gy-3qa2

vulnerability	VCID-r471-g9xs-sbga

vulnerability	VCID-td8g-tmny-jyaa

vulnerability	VCID-varh-ysfr-euc8

vulnerability	VCID-ww49-y35r-ykdd

vulnerability	VCID-zxet-n94k-57ge

vulnerability	VCID-zyyh-n42k-8bhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1

aliases CVE-2022-22721

risk_score 3.4

exploitability 0.5

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfm9-e5nr-wyat

url VCID-xhyc-9rpu-2bc8

vulnerability_id VCID-xhyc-9rpu-2bc8

summary

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38709

reference_id

reference_type

scores

value	0.03255
scoring_system	epss
scoring_elements	0.87129
published_at	2026-04-13T12:55:00Z

value	0.03255
scoring_system	epss
scoring_elements	0.8714
published_at	2026-04-11T12:55:00Z

value	0.03255
scoring_system	epss
scoring_elements	0.87134
published_at	2026-04-12T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87294
published_at	2026-04-08T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87277
published_at	2026-04-04T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87261
published_at	2026-04-02T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87275
published_at	2026-04-07T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87302
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id	1068412
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

http://www.openwall.com/lists/oss-security/2024/04/04/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2273491
reference_id	2273491
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2273491

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

http://www.openwall.com/lists/oss-security/2024/04/04/3

reference_url	https://httpd.apache.org/security/json/CVE-2023-38709.json
reference_id	CVE-2023-38709
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-38709.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

reference_id

HT214119

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url