Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apache/httpd@2.4.48

Type apache

Namespace

Name httpd

Version 2.4.48

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.4.54

Latest_non_vulnerable_version 2.4.54

Affected_by_vulnerabilities

url VCID-9u53-b79b-cfgd

vulnerability_id VCID-9u53-b79b-cfgd

summary

Malformed requests may cause the server to dereference a NULL pointer.


This issue affects Apache HTTP Server 2.4.48 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-34798

reference_id

reference_type

scores

value	0.1029
scoring_system	epss
scoring_elements	0.93141
published_at	2026-04-01T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93171
published_at	2026-04-13T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93166
published_at	2026-04-09T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93172
published_at	2026-04-11T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93169
published_at	2026-04-12T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93151
published_at	2026-04-02T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93154
published_at	2026-04-04T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93153
published_at	2026-04-07T12:55:00Z

value	0.1029
scoring_system	epss
scoring_elements	0.93162
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005128
reference_id	2005128
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005128

reference_url

https://security.archlinux.org/AVG-2289

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2289

reference_url

https://httpd.apache.org/security/json/CVE-2021-34798.json

reference_id

CVE-2021-34798

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-34798.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:0143
reference_id	RHSA-2022:0143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0143

reference_url	https://access.redhat.com/errata/RHSA-2022:0891
reference_id	RHSA-2022:0891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0891

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

reference_url	https://usn.ubuntu.com/5090-2/
reference_id	USN-5090-2
reference_type
scores
url	https://usn.ubuntu.com/5090-2/

fixed_packages

url pkg:apache/httpd@2.4.49

purl pkg:apache/httpd@2.4.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ffpe-1ctd-77e9

vulnerability	VCID-hj5r-jms3-x3fe

vulnerability	VCID-qn74-neyt-jkg9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49

aliases CVE-2021-34798

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd

url VCID-db6k-j9mj-e7hy

vulnerability_id VCID-db6k-j9mj-e7hy

summary

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.

This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-33193

reference_id

reference_type

scores

value	0.00739
scoring_system	epss
scoring_elements	0.72839
published_at	2026-04-01T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.729
published_at	2026-04-12T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72879
published_at	2026-04-08T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72892
published_at	2026-04-13T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72917
published_at	2026-04-11T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72846
published_at	2026-04-02T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72866
published_at	2026-04-04T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72841
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-33193

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966728
reference_id	1966728
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966728

reference_url

https://security.archlinux.org/AVG-2289

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2289

reference_url

https://httpd.apache.org/security/json/CVE-2021-33193.json

reference_id

CVE-2021-33193

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-33193.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:1915
reference_id	RHSA-2022:1915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1915

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7143
reference_id	RHSA-2022:7143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7143

reference_url	https://access.redhat.com/errata/RHSA-2022:7144
reference_id	RHSA-2022:7144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7144

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

fixed_packages

url pkg:apache/httpd@2.4.49

purl pkg:apache/httpd@2.4.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ffpe-1ctd-77e9

vulnerability	VCID-hj5r-jms3-x3fe

vulnerability	VCID-qn74-neyt-jkg9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49

aliases CVE-2021-33193

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy

url VCID-mtg7-8556-kbgd

vulnerability_id VCID-mtg7-8556-kbgd

summary

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.

This issue affects Apache HTTP Server 2.4.48 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40438

reference_id

reference_type

scores

value	0.94432
scoring_system	epss
scoring_elements	0.99985
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005117
reference_id	2005117
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005117

reference_url

https://security.archlinux.org/AVG-2289

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2289

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ

reference_id

cisco-sa-apache-httpd-2.4.49-VWL69sWQ

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ

reference_url

https://httpd.apache.org/security/json/CVE-2021-40438.json

reference_id

CVE-2021-40438

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-40438.json

reference_url

https://www.debian.org/security/2021/dsa-4982

reference_id

dsa-4982

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://www.debian.org/security/2021/dsa-4982

reference_url

https://security.gentoo.org/glsa/202208-20

reference_id

GLSA-202208-20

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://security.gentoo.org/glsa/202208-20

reference_url

https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html

reference_id

msg00001.html

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html

reference_url

https://security.netapp.com/advisory/ntap-20211008-0004/

reference_id

ntap-20211008-0004

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://security.netapp.com/advisory/ntap-20211008-0004/

reference_url

https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E

reference_id

r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E

reference_id

r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E

reference_id

r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E

reference_id

r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E

reference_id

r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E

reference_id

r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E

reference_id

rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E

reference_url	https://access.redhat.com/errata/RHSA-2021:3745
reference_id	RHSA-2021:3745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3745

reference_url	https://access.redhat.com/errata/RHSA-2021:3746
reference_id	RHSA-2021:3746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3746

reference_url	https://access.redhat.com/errata/RHSA-2021:3754
reference_id	RHSA-2021:3754
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3754

reference_url	https://access.redhat.com/errata/RHSA-2021:3816
reference_id	RHSA-2021:3816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3816

reference_url	https://access.redhat.com/errata/RHSA-2021:3836
reference_id	RHSA-2021:3836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3836

reference_url	https://access.redhat.com/errata/RHSA-2021:3837
reference_id	RHSA-2021:3837
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3837

reference_url	https://access.redhat.com/errata/RHSA-2021:3856
reference_id	RHSA-2021:3856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3856

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/

reference_id

SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf

reference_id

ssa-685781.pdf

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf

reference_url

https://www.tenable.com/security/tns-2021-17

reference_id

tns-2021-17

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://www.tenable.com/security/tns-2021-17

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

reference_url	https://usn.ubuntu.com/5090-2/
reference_id	USN-5090-2
reference_type
scores
url	https://usn.ubuntu.com/5090-2/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/

reference_id

ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R

reference_type

scores

value	9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/

fixed_packages

url pkg:apache/httpd@2.4.49

purl pkg:apache/httpd@2.4.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ffpe-1ctd-77e9

vulnerability	VCID-hj5r-jms3-x3fe

vulnerability	VCID-qn74-neyt-jkg9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49

aliases CVE-2021-40438

risk_score 10.0

exploitability 2.0

weighted_severity 8.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd

url VCID-rdtq-8ng5-53fn

vulnerability_id VCID-rdtq-8ng5-53fn

summary

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).

This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-36160

reference_id

reference_type

scores

value	0.03716
scoring_system	epss
scoring_elements	0.8792
published_at	2026-04-01T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87977
published_at	2026-04-13T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87974
published_at	2026-04-09T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87985
published_at	2026-04-11T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87978
published_at	2026-04-12T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.8793
published_at	2026-04-02T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87943
published_at	2026-04-04T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87947
published_at	2026-04-07T12:55:00Z

value	0.03716
scoring_system	epss
scoring_elements	0.87968
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005124
reference_id	2005124
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005124

reference_url

https://security.archlinux.org/AVG-2289

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2289

reference_url

https://httpd.apache.org/security/json/CVE-2021-36160.json

reference_id

CVE-2021-36160

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-36160.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:1915
reference_id	RHSA-2022:1915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1915

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7143
reference_id	RHSA-2022:7143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7143

reference_url	https://access.redhat.com/errata/RHSA-2022:7144
reference_id	RHSA-2022:7144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7144

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

fixed_packages

url pkg:apache/httpd@2.4.49

purl pkg:apache/httpd@2.4.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ffpe-1ctd-77e9

vulnerability	VCID-hj5r-jms3-x3fe

vulnerability	VCID-qn74-neyt-jkg9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49

aliases CVE-2021-36160

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn

url VCID-wrw6-uzz4-rkfb

vulnerability_id VCID-wrw6-uzz4-rkfb

summary

ap_escape_quotes() may write beyond the end of a buffer when given malicious input.  
No included modules pass untrusted data to these functions, but third-party / external modules may.

This issue affects Apache HTTP Server 2.4.48 and earlier.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-39275

reference_id

reference_type

scores

value	0.37674
scoring_system	epss
scoring_elements	0.97171
published_at	2026-04-01T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97199
published_at	2026-04-13T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97193
published_at	2026-04-08T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97194
published_at	2026-04-09T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97198
published_at	2026-04-11T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97177
published_at	2026-04-02T12:55:00Z

value	0.37674
scoring_system	epss
scoring_elements	0.97183
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2005119
reference_id	2005119
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2005119

reference_url

https://security.archlinux.org/AVG-2289

reference_id

AVG-2289

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2289

reference_url

https://httpd.apache.org/security/json/CVE-2021-39275.json

reference_id

CVE-2021-39275

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-39275.json

reference_url	https://security.gentoo.org/glsa/202208-20
reference_id	GLSA-202208-20
reference_type
scores
url	https://security.gentoo.org/glsa/202208-20

reference_url	https://access.redhat.com/errata/RHSA-2022:0143
reference_id	RHSA-2022:0143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0143

reference_url	https://access.redhat.com/errata/RHSA-2022:0891
reference_id	RHSA-2022:0891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0891

reference_url	https://access.redhat.com/errata/RHSA-2022:6753
reference_id	RHSA-2022:6753
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6753

reference_url	https://access.redhat.com/errata/RHSA-2022:7143
reference_id	RHSA-2022:7143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7143

reference_url	https://access.redhat.com/errata/RHSA-2022:7144
reference_id	RHSA-2022:7144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7144

reference_url	https://usn.ubuntu.com/5090-1/
reference_id	USN-5090-1
reference_type
scores
url	https://usn.ubuntu.com/5090-1/

reference_url	https://usn.ubuntu.com/5090-2/
reference_id	USN-5090-2
reference_type
scores
url	https://usn.ubuntu.com/5090-2/

fixed_packages

url pkg:apache/httpd@2.4.49

purl pkg:apache/httpd@2.4.49

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ffpe-1ctd-77e9

vulnerability	VCID-hj5r-jms3-x3fe

vulnerability	VCID-qn74-neyt-jkg9

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49

aliases CVE-2021-39275

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb

Fixing_vulnerabilities

url VCID-17hy-4ppt-xyhw

vulnerability_id VCID-17hy-4ppt-xyhw

summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26691

reference_id

reference_type

scores

value	0.40357
scoring_system	epss
scoring_elements	0.97325
published_at	2026-04-01T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97348
published_at	2026-04-13T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97344
published_at	2026-04-09T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97346
published_at	2026-04-11T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97347
published_at	2026-04-12T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97332
published_at	2026-04-02T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97336
published_at	2026-04-07T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97343
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966732
reference_id	1966732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966732

reference_url

https://security.archlinux.org/AVG-2053

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2053

reference_url

https://httpd.apache.org/security/json/CVE-2021-26691.json

reference_id

CVE-2021-26691

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26691.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:3816
reference_id	RHSA-2021:3816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3816

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:0143
reference_id	RHSA-2022:0143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0143

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2021-26691

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw

url VCID-66k7-maf9-dfcd

vulnerability_id VCID-66k7-maf9-dfcd

summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35452

reference_id

reference_type

scores

value	0.10695
scoring_system	epss
scoring_elements	0.93289
published_at	2026-04-01T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93319
published_at	2026-04-13T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93315
published_at	2026-04-09T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.9332
published_at	2026-04-11T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93318
published_at	2026-04-12T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93297
published_at	2026-04-02T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93303
published_at	2026-04-04T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93302
published_at	2026-04-07T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93311
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966724
reference_id	1966724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966724

reference_url

https://security.archlinux.org/AVG-2053

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2053

reference_url

https://httpd.apache.org/security/json/CVE-2020-35452.json

reference_id

CVE-2020-35452

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-35452.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:1915
reference_id	RHSA-2022:1915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1915

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2020-35452

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd

url VCID-6b7y-562y-suce

vulnerability_id VCID-6b7y-562y-suce

summary

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.

This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.

This issue affected  mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31618

reference_id

reference_type

scores

value	0.11001
scoring_system	epss
scoring_elements	0.93424
published_at	2026-04-12T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.934
published_at	2026-04-02T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93416
published_at	2026-04-08T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93392
published_at	2026-04-01T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93408
published_at	2026-04-07T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93425
published_at	2026-04-13T12:55:00Z

value	0.11001
scoring_system	epss
scoring_elements	0.93419
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31618

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1968013
reference_id	1968013
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1968013

reference_url

http://www.openwall.com/lists/oss-security/2024/03/13/2

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

http://www.openwall.com/lists/oss-security/2024/03/13/2

reference_url

https://seclists.org/oss-sec/2021/q2/206

reference_id

206

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://seclists.org/oss-sec/2021/q2/206

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/

reference_id

2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/

reference_url

http://www.openwall.com/lists/oss-security/2021/06/10/9

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

http://www.openwall.com/lists/oss-security/2021/06/10/9

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562
reference_id	989562
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/

reference_id

A73QJ4HPUMU26I6EULG6SCK67TUEXZYR

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/

reference_url	https://security.archlinux.org/ASA-202106-23
reference_id	ASA-202106-23
reference_type
scores
url	https://security.archlinux.org/ASA-202106-23

reference_url

https://security.archlinux.org/AVG-2041

reference_id

AVG-2041

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2041

reference_url

https://httpd.apache.org/security/json/CVE-2021-31618.json

reference_id

CVE-2021-31618

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-31618.json

reference_url

https://www.debian.org/security/2021/dsa-4937

reference_id

dsa-4937

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://www.debian.org/security/2021/dsa-4937

reference_url

https://security.gentoo.org/glsa/202107-38

reference_id

GLSA-202107-38

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://security.gentoo.org/glsa/202107-38

reference_url

https://security.netapp.com/advisory/ntap-20210727-0008/

reference_id

ntap-20210727-0008

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://security.netapp.com/advisory/ntap-20210727-0008/

reference_url

https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E

reference_id

r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E

reference_id

r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/

url

https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2021-31618

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce

url VCID-91u7-vh6n-v7fm

vulnerability_id VCID-91u7-vh6n-v7fm

summary Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13938

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21778
published_at	2026-04-01T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21808
published_at	2026-04-13T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21906
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21866
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21943
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21997
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21761
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21839
published_at	2026-04-08T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21894
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13938

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1970006
reference_id	1970006
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1970006

reference_url

https://security.archlinux.org/AVG-2054

reference_id

AVG-2054

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2054

reference_url

https://httpd.apache.org/security/json/CVE-2020-13938.json

reference_id

CVE-2020-13938

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-13938.json

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2020-13938

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm

url VCID-9ych-ybpr-j3h6

vulnerability_id VCID-9ych-ybpr-j3h6

summary Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13950

reference_id

reference_type

scores

value	0.21543
scoring_system	epss
scoring_elements	0.95684
published_at	2026-04-01T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95718
published_at	2026-04-13T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95714
published_at	2026-04-09T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95717
published_at	2026-04-11T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95716
published_at	2026-04-12T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95693
published_at	2026-04-02T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95698
published_at	2026-04-04T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.95701
published_at	2026-04-07T12:55:00Z

value	0.21543
scoring_system	epss
scoring_elements	0.9571
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966738
reference_id	1966738
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966738

reference_url

https://security.archlinux.org/AVG-2053

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2053

reference_url

https://httpd.apache.org/security/json/CVE-2020-13950.json

reference_id

CVE-2020-13950

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-13950.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:5163
reference_id	RHSA-2022:5163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5163

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2020-13950

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6

url VCID-bvkg-nrwd-e7g8

vulnerability_id VCID-bvkg-nrwd-e7g8

summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26690

reference_id

reference_type

scores

value	0.70379
scoring_system	epss
scoring_elements	0.98675
published_at	2026-04-02T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98687
published_at	2026-04-13T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98682
published_at	2026-04-08T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98683
published_at	2026-04-09T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98685
published_at	2026-04-12T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98678
published_at	2026-04-04T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98681
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966729
reference_id	1966729
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966729

reference_url

https://security.archlinux.org/AVG-2053

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2053

reference_url

https://httpd.apache.org/security/json/CVE-2021-26690.json

reference_id

CVE-2021-26690

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26690.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4257
reference_id	RHSA-2021:4257
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4257

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2021-26690

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8

url VCID-f2y3-s6j8-7ygr

vulnerability_id VCID-f2y3-s6j8-7ygr

summary Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17567

reference_id

reference_type

scores

value	0.12438
scoring_system	epss
scoring_elements	0.93865
published_at	2026-04-01T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93903
published_at	2026-04-12T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93895
published_at	2026-04-08T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93898
published_at	2026-04-09T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93902
published_at	2026-04-13T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93874
published_at	2026-04-02T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93883
published_at	2026-04-04T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93886
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17567

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966740
reference_id	1966740
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966740

reference_url

https://security.archlinux.org/AVG-2053

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2053

reference_url

https://httpd.apache.org/security/json/CVE-2019-17567.json

reference_id

CVE-2019-17567

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-17567.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2019-17567

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr

url VCID-g6xr-qtwz-2yaq

vulnerability_id VCID-g6xr-qtwz-2yaq

summary Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-30641

reference_id

reference_type

scores

value	0.36362
scoring_system	epss
scoring_elements	0.97082
published_at	2026-04-01T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97111
published_at	2026-04-13T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97105
published_at	2026-04-09T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97109
published_at	2026-04-11T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.9711
published_at	2026-04-12T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97089
published_at	2026-04-02T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97094
published_at	2026-04-04T12:55:00Z

value	0.36362
scoring_system	epss
scoring_elements	0.97095
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966743
reference_id	1966743
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966743

reference_url

https://security.archlinux.org/AVG-2053

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2053

reference_url

https://httpd.apache.org/security/json/CVE-2021-30641.json

reference_id

CVE-2021-30641

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-30641.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4257
reference_id	RHSA-2021:4257
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4257

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2021-30641

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

Package Instance