Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/httpd@2.2.22-27.ep6?arch=el5

Type rpm

Namespace redhat

Name httpd

Version 2.2.22-27.ep6

Qualifiers

arch	el5

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-6pzx-1e5t-xbes

vulnerability_id

VCID-6pzx-1e5t-xbes

summary

XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6438.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6438.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6438

reference_id

reference_type

scores

value	0.30247
scoring_system	epss
scoring_elements	0.96688
published_at	2026-04-16T12:55:00Z

value	0.30247
scoring_system	epss
scoring_elements	0.96648
published_at	2026-04-01T12:55:00Z

value	0.30247
scoring_system	epss
scoring_elements	0.96657
published_at	2026-04-02T12:55:00Z

value	0.30247
scoring_system	epss
scoring_elements	0.96663
published_at	2026-04-04T12:55:00Z

value	0.30247
scoring_system	epss
scoring_elements	0.96666
published_at	2026-04-07T12:55:00Z

value	0.30247
scoring_system	epss
scoring_elements	0.96674
published_at	2026-04-08T12:55:00Z

value	0.30247
scoring_system	epss
scoring_elements	0.96676
published_at	2026-04-09T12:55:00Z

value	0.30247
scoring_system	epss
scoring_elements	0.96678
published_at	2026-04-12T12:55:00Z

value	0.30247
scoring_system	epss
scoring_elements	0.96681
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1077867
reference_id	1077867
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1077867

reference_url

https://httpd.apache.org/security/json/CVE-2013-6438.json

reference_id

CVE-2013-6438

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2013-6438.json

reference_url	https://security.gentoo.org/glsa/201408-12
reference_id	GLSA-201408-12
reference_type
scores
url	https://security.gentoo.org/glsa/201408-12

reference_url	https://access.redhat.com/errata/RHSA-2014:0369
reference_id	RHSA-2014:0369
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0369

reference_url	https://access.redhat.com/errata/RHSA-2014:0370
reference_id	RHSA-2014:0370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0370

reference_url	https://access.redhat.com/errata/RHSA-2014:0783
reference_id	RHSA-2014:0783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0783

reference_url	https://access.redhat.com/errata/RHSA-2014:0784
reference_id	RHSA-2014:0784
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0784

reference_url	https://access.redhat.com/errata/RHSA-2014:0825
reference_id	RHSA-2014:0825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0825

reference_url	https://access.redhat.com/errata/RHSA-2014:0826
reference_id	RHSA-2014:0826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0826

reference_url	https://usn.ubuntu.com/2152-1/
reference_id	USN-2152-1
reference_type
scores
url	https://usn.ubuntu.com/2152-1/

fixed_packages

aliases

CVE-2013-6438

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6pzx-1e5t-xbes

url

VCID-ke1s-451y-p3cz

vulnerability_id

VCID-ke1s-451y-p3cz

summary

A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0098.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0098

reference_id

reference_type

scores

value	0.4102
scoring_system	epss
scoring_elements	0.97387
published_at	2026-04-16T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.97357
published_at	2026-04-01T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.97363
published_at	2026-04-02T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.97367
published_at	2026-04-04T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.97368
published_at	2026-04-07T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.97375
published_at	2026-04-08T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.97376
published_at	2026-04-09T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.97378
published_at	2026-04-11T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.97379
published_at	2026-04-12T12:55:00Z

value	0.4102
scoring_system	epss
scoring_elements	0.9738
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1077871
reference_id	1077871
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1077871

reference_url

https://httpd.apache.org/security/json/CVE-2014-0098.json

reference_id

CVE-2014-0098

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2014-0098.json

reference_url	https://security.gentoo.org/glsa/201408-12
reference_id	GLSA-201408-12
reference_type
scores
url	https://security.gentoo.org/glsa/201408-12

reference_url	https://access.redhat.com/errata/RHSA-2014:0369
reference_id	RHSA-2014:0369
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0369

reference_url	https://access.redhat.com/errata/RHSA-2014:0370
reference_id	RHSA-2014:0370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0370

reference_url	https://access.redhat.com/errata/RHSA-2014:0783
reference_id	RHSA-2014:0783
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0783

reference_url	https://access.redhat.com/errata/RHSA-2014:0784
reference_id	RHSA-2014:0784
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0784

reference_url	https://access.redhat.com/errata/RHSA-2014:0825
reference_id	RHSA-2014:0825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0825

reference_url	https://access.redhat.com/errata/RHSA-2014:0826
reference_id	RHSA-2014:0826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0826

reference_url	https://usn.ubuntu.com/2152-1/
reference_id	USN-2152-1
reference_type
scores
url	https://usn.ubuntu.com/2152-1/

fixed_packages

aliases

CVE-2014-0098

risk_score

1.1

exploitability

0.5

weighted_severity

2.1

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ke1s-451y-p3cz

Fixing_vulnerabilities

Risk_score 2.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.2.22-27.ep6%3Farch=el5

Package Instance