Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/httpd24-httpd@2.4.12-6.el7?arch=1
Typerpm
Namespaceredhat
Namehttpd24-httpd
Version2.4.12-6.el7
Qualifiers
arch 1
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3wuk-hwg1-6fa6
vulnerability_id VCID-3wuk-hwg1-6fa6
summary A design error in the "ap_some_auth_required" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3185
reference_id
reference_type
scores
0
value 0.09491
scoring_system epss
scoring_elements 0.92802
published_at 2026-04-01T12:55:00Z
1
value 0.09491
scoring_system epss
scoring_elements 0.92809
published_at 2026-04-02T12:55:00Z
2
value 0.09491
scoring_system epss
scoring_elements 0.92814
published_at 2026-04-04T12:55:00Z
3
value 0.09491
scoring_system epss
scoring_elements 0.92812
published_at 2026-04-07T12:55:00Z
4
value 0.09491
scoring_system epss
scoring_elements 0.92821
published_at 2026-04-08T12:55:00Z
5
value 0.09491
scoring_system epss
scoring_elements 0.92825
published_at 2026-04-09T12:55:00Z
6
value 0.09491
scoring_system epss
scoring_elements 0.92829
published_at 2026-04-13T12:55:00Z
7
value 0.09491
scoring_system epss
scoring_elements 0.92839
published_at 2026-04-16T12:55:00Z
8
value 0.09491
scoring_system epss
scoring_elements 0.9284
published_at 2026-04-18T12:55:00Z
9
value 0.09491
scoring_system epss
scoring_elements 0.92845
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3185
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1243888
reference_id 1243888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1243888
5
reference_url https://httpd.apache.org/security/json/CVE-2015-3185.json
reference_id CVE-2015-3185
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2015-3185.json
6
reference_url https://access.redhat.com/errata/RHSA-2015:1666
reference_id RHSA-2015:1666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1666
7
reference_url https://access.redhat.com/errata/RHSA-2015:1667
reference_id RHSA-2015:1667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1667
8
reference_url https://access.redhat.com/errata/RHSA-2016:2957
reference_id RHSA-2016:2957
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2957
9
reference_url https://access.redhat.com/errata/RHSA-2017:2708
reference_id RHSA-2017:2708
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2708
10
reference_url https://access.redhat.com/errata/RHSA-2017:2709
reference_id RHSA-2017:2709
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2709
11
reference_url https://access.redhat.com/errata/RHSA-2017:2710
reference_id RHSA-2017:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2017:2710
12
reference_url https://usn.ubuntu.com/2686-1/
reference_id USN-2686-1
reference_type
scores
url https://usn.ubuntu.com/2686-1/
fixed_packages
aliases CVE-2015-3185
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wuk-hwg1-6fa6
1
url VCID-gqat-458a-67g2
vulnerability_id VCID-gqat-458a-67g2
summary A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0228.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0228.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-0228
reference_id
reference_type
scores
0
value 0.18715
scoring_system epss
scoring_elements 0.95297
published_at 2026-04-21T12:55:00Z
1
value 0.18715
scoring_system epss
scoring_elements 0.95245
published_at 2026-04-01T12:55:00Z
2
value 0.18715
scoring_system epss
scoring_elements 0.95257
published_at 2026-04-02T12:55:00Z
3
value 0.18715
scoring_system epss
scoring_elements 0.9526
published_at 2026-04-04T12:55:00Z
4
value 0.18715
scoring_system epss
scoring_elements 0.95264
published_at 2026-04-07T12:55:00Z
5
value 0.18715
scoring_system epss
scoring_elements 0.95272
published_at 2026-04-08T12:55:00Z
6
value 0.18715
scoring_system epss
scoring_elements 0.95275
published_at 2026-04-09T12:55:00Z
7
value 0.18715
scoring_system epss
scoring_elements 0.9528
published_at 2026-04-12T12:55:00Z
8
value 0.18715
scoring_system epss
scoring_elements 0.95283
published_at 2026-04-13T12:55:00Z
9
value 0.18715
scoring_system epss
scoring_elements 0.95291
published_at 2026-04-16T12:55:00Z
10
value 0.18715
scoring_system epss
scoring_elements 0.95295
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-0228
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1202988
reference_id 1202988
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1202988
4
reference_url https://httpd.apache.org/security/json/CVE-2015-0228.json
reference_id CVE-2015-0228
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2015-0228.json
5
reference_url https://access.redhat.com/errata/RHSA-2015:1666
reference_id RHSA-2015:1666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1666
6
reference_url https://usn.ubuntu.com/2523-1/
reference_id USN-2523-1
reference_type
scores
url https://usn.ubuntu.com/2523-1/
fixed_packages
aliases CVE-2015-0228
risk_score 1.1
exploitability 0.5
weighted_severity 2.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gqat-458a-67g2
2
url VCID-k4kb-21tp-4kc8
vulnerability_id VCID-k4kb-21tp-4kc8
summary An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3183
reference_id
reference_type
scores
0
value 0.28343
scoring_system epss
scoring_elements 0.96477
published_at 2026-04-01T12:55:00Z
1
value 0.28343
scoring_system epss
scoring_elements 0.96485
published_at 2026-04-02T12:55:00Z
2
value 0.28343
scoring_system epss
scoring_elements 0.96489
published_at 2026-04-04T12:55:00Z
3
value 0.28343
scoring_system epss
scoring_elements 0.96494
published_at 2026-04-07T12:55:00Z
4
value 0.28343
scoring_system epss
scoring_elements 0.96502
published_at 2026-04-08T12:55:00Z
5
value 0.28343
scoring_system epss
scoring_elements 0.96505
published_at 2026-04-09T12:55:00Z
6
value 0.28343
scoring_system epss
scoring_elements 0.96508
published_at 2026-04-12T12:55:00Z
7
value 0.28343
scoring_system epss
scoring_elements 0.96511
published_at 2026-04-13T12:55:00Z
8
value 0.28343
scoring_system epss
scoring_elements 0.96517
published_at 2026-04-16T12:55:00Z
9
value 0.28343
scoring_system epss
scoring_elements 0.96523
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3183
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1243887
reference_id 1243887
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1243887
5
reference_url https://httpd.apache.org/security/json/CVE-2015-3183.json
reference_id CVE-2015-3183
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2015-3183.json
6
reference_url https://security.gentoo.org/glsa/201610-02
reference_id GLSA-201610-02
reference_type
scores
url https://security.gentoo.org/glsa/201610-02
7
reference_url https://access.redhat.com/errata/RHSA-2015:1666
reference_id RHSA-2015:1666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1666
8
reference_url https://access.redhat.com/errata/RHSA-2015:1667
reference_id RHSA-2015:1667
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1667
9
reference_url https://access.redhat.com/errata/RHSA-2015:1668
reference_id RHSA-2015:1668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1668
10
reference_url https://access.redhat.com/errata/RHSA-2015:2661
reference_id RHSA-2015:2661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:2661
11
reference_url https://access.redhat.com/errata/RHSA-2016:0061
reference_id RHSA-2016:0061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0061
12
reference_url https://access.redhat.com/errata/RHSA-2016:0062
reference_id RHSA-2016:0062
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:0062
13
reference_url https://access.redhat.com/errata/RHSA-2016:2054
reference_id RHSA-2016:2054
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2054
14
reference_url https://access.redhat.com/errata/RHSA-2016:2055
reference_id RHSA-2016:2055
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2055
15
reference_url https://access.redhat.com/errata/RHSA-2016:2056
reference_id RHSA-2016:2056
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2056
16
reference_url https://usn.ubuntu.com/2686-1/
reference_id USN-2686-1
reference_type
scores
url https://usn.ubuntu.com/2686-1/
fixed_packages
aliases CVE-2015-3183
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4kb-21tp-4kc8
3
url VCID-tcmz-a5dq-d7cj
vulnerability_id VCID-tcmz-a5dq-d7cj
summary A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-0253
reference_id
reference_type
scores
0
value 0.1061
scoring_system epss
scoring_elements 0.93319
published_at 2026-04-21T12:55:00Z
1
value 0.1061
scoring_system epss
scoring_elements 0.9326
published_at 2026-04-01T12:55:00Z
2
value 0.1061
scoring_system epss
scoring_elements 0.93268
published_at 2026-04-02T12:55:00Z
3
value 0.1061
scoring_system epss
scoring_elements 0.93274
published_at 2026-04-04T12:55:00Z
4
value 0.1061
scoring_system epss
scoring_elements 0.93272
published_at 2026-04-07T12:55:00Z
5
value 0.1061
scoring_system epss
scoring_elements 0.93281
published_at 2026-04-08T12:55:00Z
6
value 0.1061
scoring_system epss
scoring_elements 0.93286
published_at 2026-04-09T12:55:00Z
7
value 0.1061
scoring_system epss
scoring_elements 0.93289
published_at 2026-04-13T12:55:00Z
8
value 0.1061
scoring_system epss
scoring_elements 0.93288
published_at 2026-04-12T12:55:00Z
9
value 0.1061
scoring_system epss
scoring_elements 0.93306
published_at 2026-04-16T12:55:00Z
10
value 0.1061
scoring_system epss
scoring_elements 0.93311
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-0253
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1243891
reference_id 1243891
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1243891
3
reference_url https://httpd.apache.org/security/json/CVE-2015-0253.json
reference_id CVE-2015-0253
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2015-0253.json
4
reference_url https://access.redhat.com/errata/RHSA-2015:1666
reference_id RHSA-2015:1666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1666
fixed_packages
aliases CVE-2015-0253
risk_score 1.1
exploitability 0.5
weighted_severity 2.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcmz-a5dq-d7cj
Fixing_vulnerabilities
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd24-httpd@2.4.12-6.el7%3Farch=1