Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/113202?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/113202?format=api", "purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-120.jbcs?arch=el7", "type": "rpm", "namespace": "redhat", "name": "jbcs-httpd24-httpd", "version": "2.4.23-120.jbcs", "qualifiers": { "arch": "el7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3760?format=api", "vulnerability_id": "VCID-2nmh-7tfa-zyb2", "summary": "Prior to Apache HTTP release 2.4.25, mod_sessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. An authentication tag (SipHash MAC) is now added to prevent such attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97392", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97418", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97416", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97417", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97399", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97403", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97406", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97413", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97414", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744", "reference_id": "1406744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/40961.py", "reference_id": "CVE-2016-0736", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/40961.py" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-0736.json", "reference_id": "CVE-2016-0736", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-0736.json" }, { "reference_url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", "reference_id": "CVE-2016-0736", "reference_type": "exploit", "scores": [], "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0906", "reference_id": "RHSA-2017:0906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1161", "reference_id": "RHSA-2017:1161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://usn.ubuntu.com/3279-1/", "reference_id": "USN-3279-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3279-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-0736" ], "risk_score": 9.8, "exploitability": "2.0", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2nmh-7tfa-zyb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62397?format=api", "vulnerability_id": "VCID-nsjj-szaq-1kgd", "summary": "Multiple vulnerabilities have been found in OpenSSL, the worst of\n which allows attackers to conduct a time based side-channel attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6304.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95133", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95169", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95159", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95165", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95166", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95144", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.18043", "scoring_system": "epss", "scoring_elements": "0.95155", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377600", "reference_id": "1377600", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377600" }, { "reference_url": "https://security.archlinux.org/ASA-201609-23", "reference_id": "ASA-201609-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-23" }, { "reference_url": "https://security.archlinux.org/ASA-201609-24", "reference_id": "ASA-201609-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-24" }, { "reference_url": "https://security.archlinux.org/AVG-29", "reference_id": "AVG-29", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-29" }, { "reference_url": "https://security.archlinux.org/AVG-30", "reference_id": "AVG-30", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-30" }, { "reference_url": "https://security.gentoo.org/glsa/201612-16", "reference_id": "GLSA-201612-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201612-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1940", "reference_id": "RHSA-2016:1940", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1940" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2802", "reference_id": "RHSA-2016:2802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1658", "reference_id": "RHSA-2017:1658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1659", "reference_id": "RHSA-2017:1659", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1659" }, { "reference_url": "https://usn.ubuntu.com/3087-1/", "reference_id": "USN-3087-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3087-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-6304" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nsjj-szaq-1kgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82208?format=api", "vulnerability_id": "VCID-pbjc-7myj-tqas", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8610.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8610.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.7113", "scoring_system": "epss", "scoring_elements": "0.98698", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.7113", "scoring_system": "epss", "scoring_elements": "0.98711", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.7113", "scoring_system": "epss", "scoring_elements": "0.98707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.7113", "scoring_system": "epss", "scoring_elements": "0.9871", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.7113", "scoring_system": "epss", "scoring_elements": "0.98699", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.7113", "scoring_system": "epss", "scoring_elements": "0.98703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.7113", "scoring_system": "epss", "scoring_elements": "0.98706", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384743", "reference_id": "1384743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0286", "reference_id": "RHSA-2017:0286", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0286" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0574", "reference_id": "RHSA-2017:0574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1658", "reference_id": "RHSA-2017:1658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1659", "reference_id": "RHSA-2017:1659", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1659" }, { "reference_url": "https://usn.ubuntu.com/3181-1/", "reference_id": "USN-3181-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3181-1/" }, { "reference_url": "https://usn.ubuntu.com/3183-1/", "reference_id": "USN-3183-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3183-1/" }, { "reference_url": "https://usn.ubuntu.com/3183-2/", "reference_id": "USN-3183-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3183-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-8610" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pbjc-7myj-tqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3767?format=api", "vulnerability_id": "VCID-pc2n-ga7g-byga", "summary": "Apache HTTP Server, prior to release 2.4.25 (and 2.2.32), accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated as whitespace and remained in the request field member \"the_request\", while a bare CR in the request header field name would be honored as whitespace, and a bare CR in the request header field value was retained the input headers array. Implied additional whitespace was accepted in the request line and prior to the ':' delimiter of any request header lines.\nRFC7230 Section 3.5 calls out some of these whitespace exceptions, and section 3.2.3 eliminated and clarified the role of implied whitespace in the grammer of this specification. Section 3.1.1 requires exactly one single SP between the method and request-target, and between the request-target and HTTP-version, followed immediately by a CRLF sequence. None of these fields permit any (unencoded) CTL character whatsoever. Section 3.2.4 explicitly disallowed any whitespace from the request header field prior to the ':' character, while Section 3.2 disallows all CTL characters in the request header line other than the HTAB character as whitespace.\nThese defects represent a security concern when httpd is participating in any chain of proxies or interacting with back-end application servers, either through mod_proxy or using conventional CGI mechanisms. In each case where one agent accepts such CTL characters and does not treat them as whitespace, there is the possiblity in a proxy chain of generating two responses from a server behind the uncautious proxy agent. In a sequence of two requests, this results in request A to the first proxy being interpreted as requests A + A' by the backend server, and if requests A and B were submitted to the first proxy in a keepalive connection, the proxy may interpret response A' as the response to request B, polluting the cache or potentially serving the A' content to a different downstream user-agent.\nThese defects are addressed with the release of Apache HTTP Server 2.4.25 and coordinated by a new directive; HttpProtocolOptions Strict which is the default behavior of 2.4.25 and later.\nBy toggling from 'Strict' behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow some invalid HTTP/1.1 clients to communicate with the server, but this will reintroduce the possibility of the problems described in this assessment. Note that relaxing the behavior to 'Unsafe' will still not permit raw CTLs other than HTAB (where permitted), but will allow other RFC requirements to not be enforced, such as exactly two SP characters in the request line.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08406", "scoring_system": "epss", "scoring_elements": "0.92291", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08406", "scoring_system": "epss", "scoring_elements": "0.9233", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08406", "scoring_system": "epss", "scoring_elements": "0.92322", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08406", "scoring_system": "epss", "scoring_elements": "0.92328", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08406", "scoring_system": "epss", "scoring_elements": "0.92298", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08406", "scoring_system": "epss", "scoring_elements": "0.92304", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08406", "scoring_system": "epss", "scoring_elements": "0.92307", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08406", "scoring_system": "epss", "scoring_elements": "0.92318", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822", "reference_id": "1406822", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-8743.json", "reference_id": "CVE-2016-8743", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-8743.json" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0906", "reference_id": "RHSA-2017:0906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1161", "reference_id": "RHSA-2017:1161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1721", "reference_id": "RHSA-2017:1721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1721" }, { "reference_url": "https://usn.ubuntu.com/3279-1/", "reference_id": "USN-3279-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3279-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-8743" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pc2n-ga7g-byga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3762?format=api", "vulnerability_id": "VCID-rfqy-e7pv-dyfy", "summary": "Malicious input to mod_auth_digest will cause the server to crash, and each instance continues to crash even for subsequently valid requests.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.96873", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.96905", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.96902", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.96904", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.9688", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.96885", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.9689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.96898", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33186", "scoring_system": "epss", "scoring_elements": "0.96899", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753", "reference_id": "1406753", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-2161.json", "reference_id": "CVE-2016-2161", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-2161.json" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0906", "reference_id": "RHSA-2017:0906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1161", "reference_id": "RHSA-2017:1161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://usn.ubuntu.com/3279-1/", "reference_id": "USN-3279-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3279-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-2161" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfqy-e7pv-dyfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3766?format=api", "vulnerability_id": "VCID-tkm7-pyue-7ffj", "summary": "The HTTP/2 protocol implementation (mod_http2) had an incomplete handling of the LimitRequestFields directive. This allowed an attacker to inject unlimited request headers into the server, leading to eventual memory exhaustion.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8740.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8740.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.98589", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.98603", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.98601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.98602", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.9859", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.98594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.98595", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.98598", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.68259", "scoring_system": "epss", "scoring_elements": "0.98599", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528", "reference_id": "1401528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1401528" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847124", "reference_id": "847124", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847124" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40909.py", "reference_id": "CVE-2016-8740", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40909.py" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-8740.json", "reference_id": "CVE-2016-8740", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-8740.json" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1161", "reference_id": "RHSA-2017:1161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" } ], "fixed_packages": [], "aliases": [ "CVE-2016-8740" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkm7-pyue-7ffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82207?format=api", "vulnerability_id": "VCID-zypm-ffez-dqbz", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7056.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.5613", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56264", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56296", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56307", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56282", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.5624", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.5626", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56291", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412120", "reference_id": "1412120", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412120" }, { "reference_url": "https://security.archlinux.org/AVG-140", "reference_id": "AVG-140", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-140" }, { "reference_url": "https://security.archlinux.org/AVG-141", "reference_id": "AVG-141", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://usn.ubuntu.com/3181-1/", "reference_id": "USN-3181-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3181-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2016-7056" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zypm-ffez-dqbz" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.23-120.jbcs%3Farch=el7" }