Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/httpd@2.2.15-9.el6_1?arch=3

Type rpm

Namespace redhat

Name httpd

Version 2.2.15-9.el6_1

Qualifiers

arch	3

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-6vze-zk58-7yep

vulnerability_id

VCID-6vze-zk58-7yep

summary

A flaw was found when mod_proxy_ajp is used together with mod_proxy_balancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3348.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3348.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3348

reference_id

reference_type

scores

value	0.34026
scoring_system	epss
scoring_elements	0.96982
published_at	2026-04-21T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.9694
published_at	2026-04-01T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96947
published_at	2026-04-02T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96952
published_at	2026-04-04T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96955
published_at	2026-04-07T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96963
published_at	2026-04-08T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96964
published_at	2026-04-09T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96967
published_at	2026-04-11T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96968
published_at	2026-04-12T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96969
published_at	2026-04-13T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96977
published_at	2026-04-16T12:55:00Z

value	0.34026
scoring_system	epss
scoring_elements	0.96981
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3348

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=736690
reference_id	736690
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=736690

reference_url

https://httpd.apache.org/security/json/CVE-2011-3348.json

reference_id

CVE-2011-3348

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2011-3348.json

reference_url	https://security.gentoo.org/glsa/201206-25
reference_id	GLSA-201206-25
reference_type
scores
url	https://security.gentoo.org/glsa/201206-25

reference_url	https://access.redhat.com/errata/RHSA-2011:1391
reference_id	RHSA-2011:1391
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1391

reference_url	https://access.redhat.com/errata/RHSA-2012:0542
reference_id	RHSA-2012:0542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0542

reference_url	https://access.redhat.com/errata/RHSA-2012:0543
reference_id	RHSA-2012:0543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0543

reference_url	https://usn.ubuntu.com/1259-1/
reference_id	USN-1259-1
reference_type
scores
url	https://usn.ubuntu.com/1259-1/

fixed_packages

aliases

CVE-2011-3348

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6vze-zk58-7yep

url

VCID-prd8-51a5-pygj

vulnerability_id

VCID-prd8-51a5-pygj

summary

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released.
Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3368.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3368.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3368

reference_id

reference_type

scores

value	0.79136
scoring_system	epss
scoring_elements	0.99069
published_at	2026-04-21T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99054
published_at	2026-04-01T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99055
published_at	2026-04-02T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99059
published_at	2026-04-04T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99062
published_at	2026-04-07T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99063
published_at	2026-04-08T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99064
published_at	2026-04-11T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99065
published_at	2026-04-13T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99066
published_at	2026-04-16T12:55:00Z

value	0.79136
scoring_system	epss
scoring_elements	0.99067
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=740045
reference_id	740045
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=740045

reference_url

https://httpd.apache.org/security/json/CVE-2011-3368.json

reference_id

CVE-2011-3368

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2011-3368.json

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17969.py
reference_id	CVE-2011-3368;OSVDB-76079
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17969.py

reference_url	https://security.gentoo.org/glsa/201206-25
reference_id	GLSA-201206-25
reference_type
scores
url	https://security.gentoo.org/glsa/201206-25

reference_url	https://access.redhat.com/errata/RHSA-2011:1391
reference_id	RHSA-2011:1391
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1391

reference_url	https://access.redhat.com/errata/RHSA-2011:1392
reference_id	RHSA-2011:1392
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1392

reference_url	https://access.redhat.com/errata/RHSA-2012:0542
reference_id	RHSA-2012:0542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0542

reference_url	https://access.redhat.com/errata/RHSA-2012:0543
reference_id	RHSA-2012:0543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0543

reference_url	https://usn.ubuntu.com/1259-1/
reference_id	USN-1259-1
reference_type
scores
url	https://usn.ubuntu.com/1259-1/

fixed_packages

aliases

CVE-2011-3368

risk_score

9.6

exploitability

2.0

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-prd8-51a5-pygj

Fixing_vulnerabilities

Risk_score 9.6

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.2.15-9.el6_1%3Farch=3

Package Instance