Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apache/httpd@2.4.46
Typeapache
Namespace
Namehttpd
Version2.4.46
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.54
Latest_non_vulnerable_version2.4.54
Affected_by_vulnerabilities
0
url VCID-17hy-4ppt-xyhw
vulnerability_id VCID-17hy-4ppt-xyhw
summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26691
reference_id
reference_type
scores
0
value 0.40357
scoring_system epss
scoring_elements 0.97325
published_at 2026-04-01T12:55:00Z
1
value 0.40357
scoring_system epss
scoring_elements 0.97348
published_at 2026-04-13T12:55:00Z
2
value 0.40357
scoring_system epss
scoring_elements 0.97344
published_at 2026-04-09T12:55:00Z
3
value 0.40357
scoring_system epss
scoring_elements 0.97346
published_at 2026-04-11T12:55:00Z
4
value 0.40357
scoring_system epss
scoring_elements 0.97347
published_at 2026-04-12T12:55:00Z
5
value 0.40357
scoring_system epss
scoring_elements 0.97332
published_at 2026-04-02T12:55:00Z
6
value 0.40357
scoring_system epss
scoring_elements 0.97336
published_at 2026-04-07T12:55:00Z
7
value 0.40357
scoring_system epss
scoring_elements 0.97343
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26691
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966732
reference_id 1966732
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966732
9
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
10
reference_url https://httpd.apache.org/security/json/CVE-2021-26691.json
reference_id CVE-2021-26691
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-26691.json
11
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
12
reference_url https://access.redhat.com/errata/RHSA-2021:3816
reference_id RHSA-2021:3816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3816
13
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
14
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
15
reference_url https://access.redhat.com/errata/RHSA-2022:0143
reference_id RHSA-2022:0143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0143
16
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
17
reference_url https://usn.ubuntu.com/4994-2/
reference_id USN-4994-2
reference_type
scores
url https://usn.ubuntu.com/4994-2/
fixed_packages
0
url pkg:apache/httpd@2.4.48
purl pkg:apache/httpd@2.4.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9u53-b79b-cfgd
1
vulnerability VCID-db6k-j9mj-e7hy
2
vulnerability VCID-mtg7-8556-kbgd
3
vulnerability VCID-rdtq-8ng5-53fn
4
vulnerability VCID-wrw6-uzz4-rkfb
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48
aliases CVE-2021-26691
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw
1
url VCID-66k7-maf9-dfcd
vulnerability_id VCID-66k7-maf9-dfcd
summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35452
reference_id
reference_type
scores
0
value 0.10695
scoring_system epss
scoring_elements 0.93289
published_at 2026-04-01T12:55:00Z
1
value 0.10695
scoring_system epss
scoring_elements 0.93319
published_at 2026-04-13T12:55:00Z
2
value 0.10695
scoring_system epss
scoring_elements 0.93315
published_at 2026-04-09T12:55:00Z
3
value 0.10695
scoring_system epss
scoring_elements 0.9332
published_at 2026-04-11T12:55:00Z
4
value 0.10695
scoring_system epss
scoring_elements 0.93318
published_at 2026-04-12T12:55:00Z
5
value 0.10695
scoring_system epss
scoring_elements 0.93297
published_at 2026-04-02T12:55:00Z
6
value 0.10695
scoring_system epss
scoring_elements 0.93303
published_at 2026-04-04T12:55:00Z
7
value 0.10695
scoring_system epss
scoring_elements 0.93302
published_at 2026-04-07T12:55:00Z
8
value 0.10695
scoring_system epss
scoring_elements 0.93311
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35452
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966724
reference_id 1966724
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966724
9
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
10
reference_url https://httpd.apache.org/security/json/CVE-2020-35452.json
reference_id CVE-2020-35452
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2020-35452.json
11
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
12
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
13
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
14
reference_url https://access.redhat.com/errata/RHSA-2022:1915
reference_id RHSA-2022:1915
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1915
15
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
16
reference_url https://usn.ubuntu.com/4994-2/
reference_id USN-4994-2
reference_type
scores
url https://usn.ubuntu.com/4994-2/
fixed_packages
0
url pkg:apache/httpd@2.4.48
purl pkg:apache/httpd@2.4.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9u53-b79b-cfgd
1
vulnerability VCID-db6k-j9mj-e7hy
2
vulnerability VCID-mtg7-8556-kbgd
3
vulnerability VCID-rdtq-8ng5-53fn
4
vulnerability VCID-wrw6-uzz4-rkfb
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48
aliases CVE-2020-35452
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd
2
url VCID-91u7-vh6n-v7fm
vulnerability_id VCID-91u7-vh6n-v7fm
summary Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13938
reference_id
reference_type
scores
0
value 0.00071
scoring_system epss
scoring_elements 0.21778
published_at 2026-04-01T12:55:00Z
1
value 0.00071
scoring_system epss
scoring_elements 0.21808
published_at 2026-04-13T12:55:00Z
2
value 0.00071
scoring_system epss
scoring_elements 0.21906
published_at 2026-04-11T12:55:00Z
3
value 0.00071
scoring_system epss
scoring_elements 0.21866
published_at 2026-04-12T12:55:00Z
4
value 0.00071
scoring_system epss
scoring_elements 0.21943
published_at 2026-04-02T12:55:00Z
5
value 0.00071
scoring_system epss
scoring_elements 0.21997
published_at 2026-04-04T12:55:00Z
6
value 0.00071
scoring_system epss
scoring_elements 0.21761
published_at 2026-04-07T12:55:00Z
7
value 0.00071
scoring_system epss
scoring_elements 0.21839
published_at 2026-04-08T12:55:00Z
8
value 0.00071
scoring_system epss
scoring_elements 0.21894
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13938
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1970006
reference_id 1970006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1970006
3
reference_url https://security.archlinux.org/AVG-2054
reference_id AVG-2054
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2054
4
reference_url https://httpd.apache.org/security/json/CVE-2020-13938.json
reference_id CVE-2020-13938
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2020-13938.json
fixed_packages
0
url pkg:apache/httpd@2.4.48
purl pkg:apache/httpd@2.4.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9u53-b79b-cfgd
1
vulnerability VCID-db6k-j9mj-e7hy
2
vulnerability VCID-mtg7-8556-kbgd
3
vulnerability VCID-rdtq-8ng5-53fn
4
vulnerability VCID-wrw6-uzz4-rkfb
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48
aliases CVE-2020-13938
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm
3
url VCID-9ych-ybpr-j3h6
vulnerability_id VCID-9ych-ybpr-j3h6
summary Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13950
reference_id
reference_type
scores
0
value 0.21543
scoring_system epss
scoring_elements 0.95684
published_at 2026-04-01T12:55:00Z
1
value 0.21543
scoring_system epss
scoring_elements 0.95718
published_at 2026-04-13T12:55:00Z
2
value 0.21543
scoring_system epss
scoring_elements 0.95714
published_at 2026-04-09T12:55:00Z
3
value 0.21543
scoring_system epss
scoring_elements 0.95717
published_at 2026-04-11T12:55:00Z
4
value 0.21543
scoring_system epss
scoring_elements 0.95716
published_at 2026-04-12T12:55:00Z
5
value 0.21543
scoring_system epss
scoring_elements 0.95693
published_at 2026-04-02T12:55:00Z
6
value 0.21543
scoring_system epss
scoring_elements 0.95698
published_at 2026-04-04T12:55:00Z
7
value 0.21543
scoring_system epss
scoring_elements 0.95701
published_at 2026-04-07T12:55:00Z
8
value 0.21543
scoring_system epss
scoring_elements 0.9571
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13950
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966738
reference_id 1966738
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966738
5
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
6
reference_url https://httpd.apache.org/security/json/CVE-2020-13950.json
reference_id CVE-2020-13950
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2020-13950.json
7
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
8
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
9
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
10
reference_url https://access.redhat.com/errata/RHSA-2022:5163
reference_id RHSA-2022:5163
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5163
11
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
fixed_packages
0
url pkg:apache/httpd@2.4.48
purl pkg:apache/httpd@2.4.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9u53-b79b-cfgd
1
vulnerability VCID-db6k-j9mj-e7hy
2
vulnerability VCID-mtg7-8556-kbgd
3
vulnerability VCID-rdtq-8ng5-53fn
4
vulnerability VCID-wrw6-uzz4-rkfb
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48
aliases CVE-2020-13950
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6
4
url VCID-bvkg-nrwd-e7g8
vulnerability_id VCID-bvkg-nrwd-e7g8
summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26690
reference_id
reference_type
scores
0
value 0.70379
scoring_system epss
scoring_elements 0.98675
published_at 2026-04-02T12:55:00Z
1
value 0.70379
scoring_system epss
scoring_elements 0.98687
published_at 2026-04-13T12:55:00Z
2
value 0.70379
scoring_system epss
scoring_elements 0.98682
published_at 2026-04-08T12:55:00Z
3
value 0.70379
scoring_system epss
scoring_elements 0.98683
published_at 2026-04-09T12:55:00Z
4
value 0.70379
scoring_system epss
scoring_elements 0.98685
published_at 2026-04-12T12:55:00Z
5
value 0.70379
scoring_system epss
scoring_elements 0.98678
published_at 2026-04-04T12:55:00Z
6
value 0.70379
scoring_system epss
scoring_elements 0.98681
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26690
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966729
reference_id 1966729
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966729
9
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
10
reference_url https://httpd.apache.org/security/json/CVE-2021-26690.json
reference_id CVE-2021-26690
reference_type
scores
0
value low
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-26690.json
11
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
12
reference_url https://access.redhat.com/errata/RHSA-2021:4257
reference_id RHSA-2021:4257
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4257
13
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
14
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
15
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
16
reference_url https://usn.ubuntu.com/4994-2/
reference_id USN-4994-2
reference_type
scores
url https://usn.ubuntu.com/4994-2/
fixed_packages
0
url pkg:apache/httpd@2.4.48
purl pkg:apache/httpd@2.4.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9u53-b79b-cfgd
1
vulnerability VCID-db6k-j9mj-e7hy
2
vulnerability VCID-mtg7-8556-kbgd
3
vulnerability VCID-rdtq-8ng5-53fn
4
vulnerability VCID-wrw6-uzz4-rkfb
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48
aliases CVE-2021-26690
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8
5
url VCID-f2y3-s6j8-7ygr
vulnerability_id VCID-f2y3-s6j8-7ygr
summary Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17567
reference_id
reference_type
scores
0
value 0.12438
scoring_system epss
scoring_elements 0.93865
published_at 2026-04-01T12:55:00Z
1
value 0.12438
scoring_system epss
scoring_elements 0.93903
published_at 2026-04-12T12:55:00Z
2
value 0.12438
scoring_system epss
scoring_elements 0.93895
published_at 2026-04-08T12:55:00Z
3
value 0.12438
scoring_system epss
scoring_elements 0.93898
published_at 2026-04-09T12:55:00Z
4
value 0.12438
scoring_system epss
scoring_elements 0.93902
published_at 2026-04-13T12:55:00Z
5
value 0.12438
scoring_system epss
scoring_elements 0.93874
published_at 2026-04-02T12:55:00Z
6
value 0.12438
scoring_system epss
scoring_elements 0.93883
published_at 2026-04-04T12:55:00Z
7
value 0.12438
scoring_system epss
scoring_elements 0.93886
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17567
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966740
reference_id 1966740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966740
5
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
6
reference_url https://httpd.apache.org/security/json/CVE-2019-17567.json
reference_id CVE-2019-17567
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2019-17567.json
7
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
8
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
9
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
fixed_packages
0
url pkg:apache/httpd@2.4.48
purl pkg:apache/httpd@2.4.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9u53-b79b-cfgd
1
vulnerability VCID-db6k-j9mj-e7hy
2
vulnerability VCID-mtg7-8556-kbgd
3
vulnerability VCID-rdtq-8ng5-53fn
4
vulnerability VCID-wrw6-uzz4-rkfb
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48
aliases CVE-2019-17567
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr
6
url VCID-g6xr-qtwz-2yaq
vulnerability_id VCID-g6xr-qtwz-2yaq
summary Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-30641
reference_id
reference_type
scores
0
value 0.36362
scoring_system epss
scoring_elements 0.97082
published_at 2026-04-01T12:55:00Z
1
value 0.36362
scoring_system epss
scoring_elements 0.97111
published_at 2026-04-13T12:55:00Z
2
value 0.36362
scoring_system epss
scoring_elements 0.97105
published_at 2026-04-09T12:55:00Z
3
value 0.36362
scoring_system epss
scoring_elements 0.97109
published_at 2026-04-11T12:55:00Z
4
value 0.36362
scoring_system epss
scoring_elements 0.9711
published_at 2026-04-12T12:55:00Z
5
value 0.36362
scoring_system epss
scoring_elements 0.97089
published_at 2026-04-02T12:55:00Z
6
value 0.36362
scoring_system epss
scoring_elements 0.97094
published_at 2026-04-04T12:55:00Z
7
value 0.36362
scoring_system epss
scoring_elements 0.97095
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-30641
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1966743
reference_id 1966743
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1966743
9
reference_url https://security.archlinux.org/AVG-2053
reference_id AVG-2053
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2053
10
reference_url https://httpd.apache.org/security/json/CVE-2021-30641.json
reference_id CVE-2021-30641
reference_type
scores
0
value moderate
scoring_system apache_httpd
scoring_elements
url https://httpd.apache.org/security/json/CVE-2021-30641.json
11
reference_url https://security.gentoo.org/glsa/202107-38
reference_id GLSA-202107-38
reference_type
scores
url https://security.gentoo.org/glsa/202107-38
12
reference_url https://access.redhat.com/errata/RHSA-2021:4257
reference_id RHSA-2021:4257
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4257
13
reference_url https://access.redhat.com/errata/RHSA-2021:4613
reference_id RHSA-2021:4613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4613
14
reference_url https://access.redhat.com/errata/RHSA-2021:4614
reference_id RHSA-2021:4614
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4614
15
reference_url https://usn.ubuntu.com/4994-1/
reference_id USN-4994-1
reference_type
scores
url https://usn.ubuntu.com/4994-1/
16
reference_url https://usn.ubuntu.com/4994-2/
reference_id USN-4994-2
reference_type
scores
url https://usn.ubuntu.com/4994-2/
fixed_packages
0
url pkg:apache/httpd@2.4.48
purl pkg:apache/httpd@2.4.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9u53-b79b-cfgd
1
vulnerability VCID-db6k-j9mj-e7hy
2
vulnerability VCID-mtg7-8556-kbgd
3
vulnerability VCID-rdtq-8ng5-53fn
4
vulnerability VCID-wrw6-uzz4-rkfb
resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48
aliases CVE-2021-30641
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq
Fixing_vulnerabilities
Risk_score3.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.46