Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie

Type deb

Namespace debian

Name apache2

Version 2.4.59-1~deb12u1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.4.59-1

Latest_non_vulnerable_version 2.4.66-8

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2e6w-fs4j-17g9

vulnerability_id VCID-2e6w-fs4j-17g9

summary HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-27316

reference_id

reference_type

scores

value	0.89409
scoring_system	epss
scoring_elements	0.9955
published_at	2026-04-18T12:55:00Z

value	0.89409
scoring_system	epss
scoring_elements	0.99542
published_at	2026-04-02T12:55:00Z

value	0.89409
scoring_system	epss
scoring_elements	0.99543
published_at	2026-04-04T12:55:00Z

value	0.89409
scoring_system	epss
scoring_elements	0.99545
published_at	2026-04-11T12:55:00Z

value	0.89409
scoring_system	epss
scoring_elements	0.99546
published_at	2026-04-13T12:55:00Z

value	0.89409
scoring_system	epss
scoring_elements	0.99549
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-27316

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id	1068412
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412

reference_url

https://www.openwall.com/lists/oss-security/2024/04/03/16

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/

url

https://www.openwall.com/lists/oss-security/2024/04/03/16

reference_url

http://seclists.org/fulldisclosure/2024/Jul/18

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/

url

http://seclists.org/fulldisclosure/2024/Jul/18

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2268277
reference_id	2268277
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2268277

reference_url

http://www.openwall.com/lists/oss-security/2024/04/04/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/

url

http://www.openwall.com/lists/oss-security/2024/04/04/4

reference_url	https://httpd.apache.org/security/json/CVE-2024-27316.json
reference_id	CVE-2024-27316
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-27316.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://support.apple.com/kb/HT214119

reference_id

HT214119

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/

url

https://support.apple.com/kb/HT214119

reference_url	https://access.redhat.com/errata/RHSA-2024:1786
reference_id	RHSA-2024:1786
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1786

reference_url	https://access.redhat.com/errata/RHSA-2024:1872
reference_id	RHSA-2024:1872
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1872

reference_url	https://access.redhat.com/errata/RHSA-2024:2564
reference_id	RHSA-2024:2564
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2564

reference_url	https://access.redhat.com/errata/RHSA-2024:2693
reference_id	RHSA-2024:2693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2693

reference_url	https://access.redhat.com/errata/RHSA-2024:2694
reference_id	RHSA-2024:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2694

reference_url	https://access.redhat.com/errata/RHSA-2024:2891
reference_id	RHSA-2024:2891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2891

reference_url	https://access.redhat.com/errata/RHSA-2024:2907
reference_id	RHSA-2024:2907
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2907

reference_url	https://access.redhat.com/errata/RHSA-2024:3402
reference_id	RHSA-2024:3402
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3402

reference_url	https://access.redhat.com/errata/RHSA-2024:3417
reference_id	RHSA-2024:3417
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3417

reference_url	https://access.redhat.com/errata/RHSA-2024:4390
reference_id	RHSA-2024:4390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4390

reference_url	https://access.redhat.com/errata/RHSA-2025:16668
reference_id	RHSA-2025:16668
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16668

reference_url	https://usn.ubuntu.com/6729-1/
reference_id	USN-6729-1
reference_type
scores
url	https://usn.ubuntu.com/6729-1/

reference_url	https://usn.ubuntu.com/6729-2/
reference_id	USN-6729-2
reference_type
scores
url	https://usn.ubuntu.com/6729-2/

reference_url	https://usn.ubuntu.com/6729-3/
reference_id	USN-6729-3
reference_type
scores
url	https://usn.ubuntu.com/6729-3/

fixed_packages

url	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie

aliases CVE-2024-27316

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e6w-fs4j-17g9

url VCID-b68y-4prb-bfdk

vulnerability_id VCID-b68y-4prb-bfdk

summary Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31122

reference_id

reference_type

scores

value	0.0043
scoring_system	epss
scoring_elements	0.6251
published_at	2026-04-02T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62589
published_at	2026-04-21T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.6256
published_at	2026-04-08T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62575
published_at	2026-04-09T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62593
published_at	2026-04-11T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62582
published_at	2026-04-12T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62559
published_at	2026-04-13T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62601
published_at	2026-04-16T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62606
published_at	2026-04-18T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62543
published_at	2026-04-04T12:55:00Z

value	0.0043
scoring_system	epss
scoring_elements	0.62508
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2245332
reference_id	2245332
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2245332

reference_url	https://httpd.apache.org/security/json/CVE-2023-31122.json
reference_id	CVE-2023-31122
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-31122.json

reference_url

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

reference_id

msg00013.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

reference_url

https://security.netapp.com/advisory/ntap-20231027-0011/

reference_id

ntap-20231027-0011

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://security.netapp.com/advisory/ntap-20231027-0011/

reference_url	https://access.redhat.com/errata/RHSA-2024:1316
reference_id	RHSA-2024:1316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1316

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:2278
reference_id	RHSA-2024:2278
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2278

reference_url	https://access.redhat.com/errata/RHSA-2024:3121
reference_id	RHSA-2024:3121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3121

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/

reference_id

TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/

reference_url	https://usn.ubuntu.com/6506-1/
reference_id	USN-6506-1
reference_type
scores
url	https://usn.ubuntu.com/6506-1/

reference_url	https://usn.ubuntu.com/6510-1/
reference_id	USN-6510-1
reference_type
scores
url	https://usn.ubuntu.com/6510-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/

reference_id

VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/

reference_id

ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/

fixed_packages

url	pkg:deb/debian/apache2@2.4.58-1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.58-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.58-1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie

aliases CVE-2023-31122

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b68y-4prb-bfdk

url VCID-bau7-pme5-ckbt

vulnerability_id VCID-bau7-pme5-ckbt

summary

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-24795

reference_id

reference_type

scores

value	0.01123
scoring_system	epss
scoring_elements	0.78291
published_at	2026-04-21T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78267
published_at	2026-04-13T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78297
published_at	2026-04-16T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78295
published_at	2026-04-18T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78219
published_at	2026-04-02T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78249
published_at	2026-04-04T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78231
published_at	2026-04-07T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78258
published_at	2026-04-08T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78264
published_at	2026-04-09T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78289
published_at	2026-04-11T12:55:00Z

value	0.01123
scoring_system	epss
scoring_elements	0.78271
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id	1068412
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2273499
reference_id	2273499
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2273499

reference_url	https://httpd.apache.org/security/json/CVE-2024-24795.json
reference_id	CVE-2024-24795
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2024-24795.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url	https://access.redhat.com/errata/RHSA-2024:9306
reference_id	RHSA-2024:9306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9306

reference_url	https://access.redhat.com/errata/RHSA-2025:3452
reference_id	RHSA-2025:3452
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3452

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://usn.ubuntu.com/6729-1/
reference_id	USN-6729-1
reference_type
scores
url	https://usn.ubuntu.com/6729-1/

reference_url	https://usn.ubuntu.com/6729-2/
reference_id	USN-6729-2
reference_type
scores
url	https://usn.ubuntu.com/6729-2/

reference_url	https://usn.ubuntu.com/6729-3/
reference_id	USN-6729-3
reference_type
scores
url	https://usn.ubuntu.com/6729-3/

fixed_packages

url	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie

aliases CVE-2024-24795

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bau7-pme5-ckbt

url VCID-kkuy-1j91-9bb2

vulnerability_id VCID-kkuy-1j91-9bb2

summary

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.

This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45802

reference_id

reference_type

scores

value	0.01741
scoring_system	epss
scoring_elements	0.82453
published_at	2026-04-02T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82495
published_at	2026-04-08T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82516
published_at	2026-04-12T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82511
published_at	2026-04-13T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82548
published_at	2026-04-18T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82471
published_at	2026-04-04T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82467
published_at	2026-04-07T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.82501
published_at	2026-04-09T12:55:00Z

value	0.01741
scoring_system	epss
scoring_elements	0.8252
published_at	2026-04-11T12:55:00Z

value	0.0225
scoring_system	epss
scoring_elements	0.84611
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2243877
reference_id	2243877
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2243877

reference_url	https://httpd.apache.org/security/json/CVE-2023-45802.json
reference_id	CVE-2023-45802
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-45802.json

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2024:2368
reference_id	RHSA-2024:2368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2368

reference_url	https://access.redhat.com/errata/RHSA-2024:2891
reference_id	RHSA-2024:2891
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2891

reference_url	https://access.redhat.com/errata/RHSA-2024:3121
reference_id	RHSA-2024:3121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3121

reference_url	https://usn.ubuntu.com/6506-1/
reference_id	USN-6506-1
reference_type
scores
url	https://usn.ubuntu.com/6506-1/

fixed_packages

url	pkg:deb/debian/apache2@2.4.58-1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.58-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.58-1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie

aliases CVE-2023-45802

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkuy-1j91-9bb2

url VCID-xhyc-9rpu-2bc8

vulnerability_id VCID-xhyc-9rpu-2bc8

summary

Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38709

reference_id

reference_type

scores

value	0.03255
scoring_system	epss
scoring_elements	0.87147
published_at	2026-04-21T12:55:00Z

value	0.03255
scoring_system	epss
scoring_elements	0.8714
published_at	2026-04-11T12:55:00Z

value	0.03255
scoring_system	epss
scoring_elements	0.87134
published_at	2026-04-12T12:55:00Z

value	0.03255
scoring_system	epss
scoring_elements	0.87129
published_at	2026-04-13T12:55:00Z

value	0.03255
scoring_system	epss
scoring_elements	0.87146
published_at	2026-04-16T12:55:00Z

value	0.03255
scoring_system	epss
scoring_elements	0.8715
published_at	2026-04-18T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87294
published_at	2026-04-08T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87261
published_at	2026-04-02T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87302
published_at	2026-04-09T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87277
published_at	2026-04-04T12:55:00Z

value	0.03342
scoring_system	epss
scoring_elements	0.87275
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id	1068412
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412

reference_url

http://seclists.org/fulldisclosure/2024/Jul/18

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

http://seclists.org/fulldisclosure/2024/Jul/18

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2273491
reference_id	2273491
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2273491

reference_url

http://www.openwall.com/lists/oss-security/2024/04/04/3

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

http://www.openwall.com/lists/oss-security/2024/04/04/3

reference_url	https://httpd.apache.org/security/json/CVE-2023-38709.json
reference_id	CVE-2023-38709
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-38709.json

reference_url	https://security.gentoo.org/glsa/202409-31
reference_id	GLSA-202409-31
reference_type
scores
url	https://security.gentoo.org/glsa/202409-31

reference_url

https://support.apple.com/kb/HT214119

reference_id

HT214119

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

https://support.apple.com/kb/HT214119

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/

reference_id

I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/

reference_id

LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/

reference_url

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

reference_id

msg00013.html

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html

reference_url

https://security.netapp.com/advisory/ntap-20240415-0013/

reference_id

ntap-20240415-0013

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

https://security.netapp.com/advisory/ntap-20240415-0013/

reference_url	https://access.redhat.com/errata/RHSA-2024:4197
reference_id	RHSA-2024:4197
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4197

reference_url	https://access.redhat.com/errata/RHSA-2024:6927
reference_id	RHSA-2024:6927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6927

reference_url	https://access.redhat.com/errata/RHSA-2024:6928
reference_id	RHSA-2024:6928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6928

reference_url	https://access.redhat.com/errata/RHSA-2024:9306
reference_id	RHSA-2024:9306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9306

reference_url	https://usn.ubuntu.com/6729-1/
reference_id	USN-6729-1
reference_type
scores
url	https://usn.ubuntu.com/6729-1/

reference_url	https://usn.ubuntu.com/6729-2/
reference_id	USN-6729-2
reference_type
scores
url	https://usn.ubuntu.com/6729-2/

reference_url	https://usn.ubuntu.com/6729-3/
reference_id	USN-6729-3
reference_type
scores
url	https://usn.ubuntu.com/6729-3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/

reference_id

WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/

fixed_packages

url	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie

aliases CVE-2023-38709

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhyc-9rpu-2bc8

url VCID-xnfs-bpwj-3ycp

vulnerability_id VCID-xnfs-bpwj-3ycp

summary

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.

This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.

Users are recommended to upgrade to version 2.4.58, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-43622

reference_id

reference_type

scores

value	0.59064
scoring_system	epss
scoring_elements	0.98216
published_at	2026-04-02T12:55:00Z

value	0.61258
scoring_system	epss
scoring_elements	0.98324
published_at	2026-04-21T12:55:00Z

value	0.61258
scoring_system	epss
scoring_elements	0.98309
published_at	2026-04-07T12:55:00Z

value	0.61258
scoring_system	epss
scoring_elements	0.98314
published_at	2026-04-09T12:55:00Z

value	0.61258
scoring_system	epss
scoring_elements	0.98318
published_at	2026-04-13T12:55:00Z

value	0.61258
scoring_system	epss
scoring_elements	0.98307
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2245153
reference_id	2245153
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2245153

reference_url	https://httpd.apache.org/security/json/CVE-2023-43622.json
reference_id	CVE-2023-43622
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-43622.json

reference_url

https://security.netapp.com/advisory/ntap-20231027-0011/

reference_id

ntap-20231027-0011

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T16:02:28Z/

url

https://security.netapp.com/advisory/ntap-20231027-0011/

reference_url	https://access.redhat.com/errata/RHSA-2024:2368
reference_id	RHSA-2024:2368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2368

reference_url	https://usn.ubuntu.com/6506-1/
reference_id	USN-6506-1
reference_type
scores
url	https://usn.ubuntu.com/6506-1/

fixed_packages

url	pkg:deb/debian/apache2@2.4.58-1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.58-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.58-1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.59-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie

url	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
purl	pkg:deb/debian/apache2@2.4.66-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie

aliases CVE-2023-43622

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnfs-bpwj-3ycp

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.59-1~deb12u1%3Fdistro=trixie

Package Instance