Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/582525?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "apache2", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.0.36", "latest_non_vulnerable_version": "2.4.66-8", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90504?format=api", "vulnerability_id": "VCID-27q1-umct-1qe3", "summary": "Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6423.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6423.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87924", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87902", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87919", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87925", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87858", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.8788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87897", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87891", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87889", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0366", "scoring_system": "epss", "scoring_elements": "0.87903", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04888", "scoring_system": "epss", "scoring_elements": "0.89546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04888", "scoring_system": "epss", "scoring_elements": "0.89559", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04888", "scoring_system": "epss", "scoring_elements": "0.89543", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6423" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-6423" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27q1-umct-1qe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90298?format=api", "vulnerability_id": "VCID-35pg-v3ae-8kct", "summary": "The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-1138.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-1138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2003-1138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89922", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89926", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89938", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89944", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.8996", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89966", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89974", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89972", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89965", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.8998", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89981", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89977", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89993", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05234", "scoring_system": "epss", "scoring_elements": "0.89991", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2003-1138" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/23296.txt", "reference_id": "CVE-2003-1138;OSVDB-19137", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/23296.txt" }, { "reference_url": "https://www.securityfocus.com/bid/8898/info", "reference_id": "CVE-2003-1138;OSVDB-19137", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/8898/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2003-1138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35pg-v3ae-8kct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3858?format=api", "vulnerability_id": "VCID-4jfa-3r1g-m7h8", "summary": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68026", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67968", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68012", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.68021", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67897", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67915", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67895", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67946", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.6796", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67984", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67971", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67936", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67973", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00549", "scoring_system": "epss", "scoring_elements": "0.67986", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40898" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298648", "reference_id": "2298648", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298648" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-40898.json", "reference_id": "CVE-2024-40898", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-40898.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6928", "reference_id": "RHSA-2024:6928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6928" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-40898" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4jfa-3r1g-m7h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3692?format=api", "vulnerability_id": "VCID-699n-tvdd-qkgj", "summary": "The recall_headers function in mod_mem_cache in Apache 2.2.4 did not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.", "references": [ { "reference_url": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "reference_id": "", "reference_type": "", "scores": [], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219" }, { "reference_url": "http://httpd.apache.org/security/vulnerabilities_22.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "reference_url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41551", "reference_id": "", "reference_type": "", "scores": [], "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=41551" }, { "reference_url": "http://osvdb.org/38641", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/38641" }, { "reference_url": "http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff", "reference_id": "", "reference_type": "", "scores": [], "url": "http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1862.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1862.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1862", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93334", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93276", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93336", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.9334", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93284", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.9329", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93289", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93297", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93302", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93306", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93304", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93305", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93323", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.10659", "scoring_system": "epss", "scoring_elements": "0.93328", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1862" }, { "reference_url": "http://secunia.com/advisories/26273", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26273" }, { "reference_url": "http://secunia.com/advisories/26842", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/26842" }, { "reference_url": "http://secunia.com/advisories/27563", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/27563" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200711-06.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml" }, { "reference_url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:127", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:127" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" }, { "reference_url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html" }, { "reference_url": "http://www.securityfocus.com/bid/24553", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/24553" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2231", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2231" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2727", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2007/2727" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=242606", "reference_id": "242606", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=242606" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2007-1862.json", "reference_id": "CVE-2007-1862", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2007-1862.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1862", "reference_id": "CVE-2007-1862", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1862" }, { "reference_url": "https://security.gentoo.org/glsa/200711-06", "reference_id": "GLSA-200711-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-1862" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-699n-tvdd-qkgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3720?format=api", "vulnerability_id": "VCID-7krj-8vat-3ydy", "summary": "A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.9943", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99421", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.9942", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99422", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99423", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99424", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99426", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99427", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99429", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99428", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.86822", "scoring_system": "epss", "scoring_elements": "0.99431", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0425" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2010-0425.json", "reference_id": "CVE-2010-0425", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2010-0425.json" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/11650.c", "reference_id": "CVE-2010-0425;OSVDB-62674", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/11650.c" }, { "reference_url": "http://www.senseofsecurity.com.au/advisories/SOS-10-002", "reference_id": "CVE-2010-0425;OSVDB-62674", "reference_type": "exploit", "scores": [], "url": "http://www.senseofsecurity.com.au/advisories/SOS-10-002" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-0425" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7krj-8vat-3ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3809?format=api", "vulnerability_id": "VCID-91u7-vh6n-v7fm", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21778", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21628", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21943", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21761", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21839", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21894", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21906", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21811", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21818", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21634", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21782", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32506", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006", "reference_id": "1970006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006" }, { "reference_url": "https://security.archlinux.org/AVG-2054", "reference_id": "AVG-2054", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2054" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-13938.json", "reference_id": "CVE-2020-13938", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-13938.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-13938" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/154920?format=api", "vulnerability_id": "VCID-a38m-yzz2-qfcv", "summary": "The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54725", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54786", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54837", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54834", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54844", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54827", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54804", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54842", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54845", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54826", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54801", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54821", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.54797", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3675" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3675" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a38m-yzz2-qfcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3861?format=api", "vulnerability_id": "VCID-b9ks-detx-nkdw", "summary": "Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via \nmod_rewrite or apache expressions that pass unvalidated request input.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.\n\nNote:  The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. \n\nThe server offers limited protection against administrators directing the server to open UNC paths.\nWindows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43394.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1559", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15658", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1567", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16021", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1572", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16096", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1616", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16137", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16098", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.1603", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15976", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43394" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379332", "reference_id": "2379332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379332" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-43394.json", "reference_id": "CVE-2024-43394", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-43394.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584090?format=api", "purl": "pkg:deb/debian/apache2@2.4.65-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.65-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43394" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9ks-detx-nkdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3831?format=api", "vulnerability_id": "VCID-dg2r-uz3a-dug5", "summary": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66123", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68064", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68094", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68109", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68133", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68045", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.6816", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.6817", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.6812", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68086", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68123", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68136", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68118", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095000", "reference_id": "2095000", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095000" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28330.json", "reference_id": "CVE-2022-28330", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28330.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-28330" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dg2r-uz3a-dug5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3724?format=api", "vulnerability_id": "VCID-drp9-bvkd-4kaq", "summary": "An information disclosure flaw was found in mod_proxy_http in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those configurations which trigger the use of proxy worker pools are affected. There was no vulnerability on earlier versions, as proxy pools were not yet introduced.\nThe simplest workaround is to globally configure;\nSetEnv proxy-nokeepalive 1", "references": [ { "reference_url": "http://httpd.apache.org/security/vulnerabilities_22.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://httpd.apache.org/security/vulnerabilities_22.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" }, { "reference_url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E" }, { "reference_url": "http://marc.info/?l=apache-announce&m=128009718610929&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=apache-announce&m=128009718610929&w=2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92408", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.9235", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92402", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92356", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92363", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92367", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92379", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92384", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92389", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92392", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.9239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08537", "scoring_system": "epss", "scoring_elements": "0.92401", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2068" }, { "reference_url": "http://secunia.com/advisories/40206", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/40206" }, { "reference_url": "http://secunia.com/advisories/40824", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/40824" }, { "reference_url": "http://secunia.com/advisories/41480", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41480" }, { "reference_url": "http://secunia.com/advisories/41490", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41490" }, { "reference_url": "http://secunia.com/advisories/41722", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41722" }, { "reference_url": "http://securitytracker.com/id?1024096", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024096" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59413" }, { "reference_url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931" }, { "reference_url": "http://support.apple.com/kb/HT4581", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT4581" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4" }, { "reference_url": "http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch" }, { "reference_url": "http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch" }, { "reference_url": "http://www.ibm.com/support/docview.wss?uid=swg1PM16366", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM16366" }, { "reference_url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/511809/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/511809/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/40827", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/40827" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/1436", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/1436" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.4:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.3.4:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.4:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.5:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.3.5:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.5:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2010-2068.json", "reference_id": "CVE-2010-2068", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2010-2068.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2068", "reference_id": "CVE-2010-2068", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2068" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-2068" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drp9-bvkd-4kaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3738?format=api", "vulnerability_id": "VCID-ehff-j1pz-b7e8", "summary": "The modules mod_proxy_ajp and mod_proxy_http did not always close the connection to the back end server when necessary as part of error handling. This could lead to an information disclosure due to a response mixup between users.", "references": [ { "reference_url": "http://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3502.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88106", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88014", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88102", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88107", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88023", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88037", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88063", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88069", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88079", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88073", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88086", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03787", "scoring_system": "epss", "scoring_elements": "0.88084", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3502" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "http://www.apache.org/dist/httpd/CHANGES_2.4.3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.3" }, { "reference_url": "http://www.securityfocus.com/bid/55131", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/55131" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=850776", "reference_id": "850776", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850776" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2012-3502.json", "reference_id": "CVE-2012-3502", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2012-3502.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3502", "reference_id": "CVE-2012-3502", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3502" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3502" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehff-j1pz-b7e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3735?format=api", "vulnerability_id": "VCID-ese4-47tg-efbw", "summary": "Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0883.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0883.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41418", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41584", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41671", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41626", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41676", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41684", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41707", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41674", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4166", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41681", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41607", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41496", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0883" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=813559", "reference_id": "813559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=813559" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2012-0883.json", "reference_id": "CVE-2012-0883", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2012-0883.json" }, { "reference_url": "https://security.gentoo.org/glsa/201206-25", "reference_id": "GLSA-201206-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1594", "reference_id": "RHSA-2012:1594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1594" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-0883" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ese4-47tg-efbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3822?format=api", "vulnerability_id": "VCID-ffpe-1ctd-77e9", "summary": "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.\n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue is known to be exploited in the wild.\n\nThis issue only affects Apache 2.4.49 and not earlier versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94391", "scoring_system": "epss", "scoring_elements": "0.99973", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.94433", "scoring_system": "epss", "scoring_elements": "0.99985", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41773" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/09/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/09/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/16/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/05/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/05/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010757", "reference_id": "2010757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010757" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/15/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/15/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/11/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/11/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/6" }, { "reference_url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html", "reference_id": "Apache-HTTP-Server-2.4.49-Path-Traversal.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html" }, { "reference_url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "https://security.archlinux.org/AVG-2442", "reference_id": "AVG-2442", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2442" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_id": "cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh", "reference_id": "CVE-2021-41773", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-41773.json", "reference_id": "CVE-2021-41773", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-41773.json" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py", "reference_id": "CVE-2021-42013;CVE-2021-41773", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211029-0009/", "reference_id": "ntap-20211029-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211029-0009/" }, { "reference_url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E", "reference_id": "r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_id": "r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E", "reference_id": "r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_id": "rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/", "reference_id": "RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/", "reference_id": "WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585412?format=api", "purl": "pkg:deb/debian/apache2@2.4.50-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.50-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41773" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffpe-1ctd-77e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83872?format=api", "vulnerability_id": "VCID-ge2x-rh2r-kqb2", "summary": "httpd: # character matches all IPs", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12171.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12171.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81318", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81327", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81349", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81347", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81376", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81381", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81402", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.8139", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81382", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81419", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.8142", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81442", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.8145", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01543", "scoring_system": "epss", "scoring_elements": "0.81454", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12171" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056", "reference_id": "1493056", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2972", "reference_id": "RHSA-2017:2972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2972" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12171" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ge2x-rh2r-kqb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3821?format=api", "vulnerability_id": "VCID-hj5r-jms3-x3fe", "summary": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91488", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91557", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91551", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91559", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91495", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.9151", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91534", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91535", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91533", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91555", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.9155", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41524" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934", "reference_id": "2010934", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934" }, { "reference_url": "https://security.archlinux.org/AVG-2442", "reference_id": "AVG-2442", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2442" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-41524.json", "reference_id": "CVE-2021-41524", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-41524.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585412?format=api", "purl": "pkg:deb/debian/apache2@2.4.50-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.50-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-41524" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3774?format=api", "vulnerability_id": "VCID-khfr-kgtb-rfam", "summary": "When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93796", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93863", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93858", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93864", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93865", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93867", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93805", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93814", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93827", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.9383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93835", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93836", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470750", "reference_id": "1470750", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470750" }, { "reference_url": "https://security.archlinux.org/ASA-201707-15", "reference_id": "ASA-201707-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-15" }, { "reference_url": "https://security.archlinux.org/AVG-350", "reference_id": "AVG-350", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-350" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9789.json", "reference_id": "CVE-2017-9789", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9789.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-9789" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khfr-kgtb-rfam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3849?format=api", "vulnerability_id": "VCID-nbar-1p1f-bqfk", "summary": "SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content \nUsers are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38472.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90236", "scoring_system": "epss", "scoring_elements": "0.99597", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.90236", "scoring_system": "epss", "scoring_elements": "0.99598", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.90493", "scoring_system": "epss", "scoring_elements": "0.99608", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.90493", "scoring_system": "epss", "scoring_elements": "0.9961", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.90493", "scoring_system": "epss", "scoring_elements": "0.99611", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.90493", "scoring_system": "epss", "scoring_elements": "0.99609", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.90493", "scoring_system": "epss", "scoring_elements": "0.99606", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90493", "scoring_system": "epss", "scoring_elements": "0.99607", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90555", "scoring_system": "epss", "scoring_elements": "0.99619", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-38472" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295011", "reference_id": "2295011", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295011" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-38472.json", "reference_id": "CVE-2024-38472", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-38472.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6928", "reference_id": "RHSA-2024:6928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6928" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-38472" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nbar-1p1f-bqfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3870?format=api", "vulnerability_id": "VCID-pru9-2rza-qycd", "summary": "Server-Side Request Forgery (SSRF) vulnerability \n\n in Apache HTTP Server on Windows \n\nwith AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM \nhashes to a malicious server via SSRF and malicious requests or content\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17765", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17718", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21554", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2157", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21564", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21773", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21801", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21743", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21744", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2175", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21717", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-59775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419141", "reference_id": "2419141", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419141" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-59775.json", "reference_id": "CVE-2025-59775", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-59775.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5156", "reference_id": "RHSA-2026:5156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5156" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-59775" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pru9-2rza-qycd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3856?format=api", "vulnerability_id": "VCID-pz6f-mahv-hue8", "summary": "A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.  \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47796", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47847", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47871", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47857", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47911", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47905", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47839", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47849", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47828", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.4785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47799", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.47851", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295761", "reference_id": "2295761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295761" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/17/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/17/6" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-39884.json", "reference_id": "CVE-2024-39884", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-39884.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-31", "reference_id": "GLSA-202409-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-31" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240712-0002/", "reference_id": "ntap-20240712-0002", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240712-0002/" }, { "reference_url": "https://usn.ubuntu.com/6885-1/", "reference_id": "USN-6885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583583?format=api", "purl": "pkg:deb/debian/apache2@2.4.61-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.61-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-39884" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pz6f-mahv-hue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3823?format=api", "vulnerability_id": "VCID-qn74-neyt-jkg9", "summary": "It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. \n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99977", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99978", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99979", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42013" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/09/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/09/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/16/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011900", "reference_id": "2011900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011900" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/15/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/15/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/11/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/11/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/6" }, { "reference_url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html" }, { "reference_url": "https://www.povilaika.com/apache-2-4-50-exploit/", "reference_id": "apache-2-4-50-exploit", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://www.povilaika.com/apache-2-4-50-exploit/" }, { "reference_url": "http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html", "reference_id": "Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html" }, { "reference_url": "http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "https://security.archlinux.org/ASA-202110-1", "reference_id": "ASA-202110-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-1" }, { "reference_url": "https://security.archlinux.org/AVG-2450", "reference_id": "AVG-2450", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2450" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_id": "cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh", "reference_id": "CVE-2021-42013", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh", "reference_id": "CVE-2021-42013", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-42013.json", "reference_id": "CVE-2021-42013", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-42013.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "http://jvn.jp/en/jp/JVN51106450/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://jvn.jp/en/jp/JVN51106450/index.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211029-0009/", "reference_id": "ntap-20211029-0009", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211029-0009/" }, { "reference_url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_id": "r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_id": "rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/", "reference_id": "RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/", "reference_id": "WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/586654?format=api", "purl": "pkg:deb/debian/apache2@2.4.51-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.51-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42013" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn74-neyt-jkg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3752?format=api", "vulnerability_id": "VCID-rhwb-4vyp-8kf2", "summary": "A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when using the default AcceptFilter for that platform. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server.", "references": [ { "reference_url": "http://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3523.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3523.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.9701", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.9706", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97056", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97057", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97018", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97022", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97032", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97033", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97036", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97037", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97047", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.35235", "scoring_system": "epss", "scoring_elements": "0.97051", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3523" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c" }, { "reference_url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?r1=1608785&r2=1610652&diff_format=h", "reference_id": "", "reference_type": "", "scores": [], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?r1=1608785&r2=1610652&diff_format=h" }, { "reference_url": "http://www.securityfocus.com/bid/68747", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/68747" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121519", "reference_id": "1121519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121519" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2014-3523.json", "reference_id": "CVE-2014-3523", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2014-3523.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3523", "reference_id": "CVE-2014-3523", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2957", "reference_id": "RHSA-2016:2957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2957" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3523" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhwb-4vyp-8kf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3757?format=api", "vulnerability_id": "VCID-tcmz-a5dq-d7cj", "summary": "A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93317", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.9326", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93268", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93274", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93272", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93286", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93306", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93311", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93319", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93324", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.1061", "scoring_system": "epss", "scoring_elements": "0.93321", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0253" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243891", "reference_id": "1243891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243891" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2015-0253.json", "reference_id": "CVE-2015-0253", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2015-0253.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1666", "reference_id": "RHSA-2015:1666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0253" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcmz-a5dq-d7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79930?format=api", "vulnerability_id": "VCID-w2tb-2uvg-g7hv", "summary": "httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Red Hat Enterprise Linux 8.5", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20325.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76069", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76073", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76105", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76084", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76118", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76156", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76132", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76129", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.7617", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76174", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76157", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76196", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76206", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00933", "scoring_system": "epss", "scoring_elements": "0.76219", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20325" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017321", "reference_id": "2017321", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4537", "reference_id": "RHSA-2021:4537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4537" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-20325" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2tb-2uvg-g7hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115345?format=api", "vulnerability_id": "VCID-wg13-h6gt-r7h5", "summary": "Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.9501", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95021", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95022", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95025", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95032", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95036", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95042", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95043", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95046", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95055", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95058", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.9506", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.17318", "scoring_system": "epss", "scoring_elements": "0.95059", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4110" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/28365.txt", "reference_id": "CVE-2006-4110;OSVDB-27913", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/28365.txt" }, { "reference_url": "https://www.securityfocus.com/bid/19447/info", "reference_id": "CVE-2006-4110;OSVDB-27913", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/19447/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-4110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg13-h6gt-r7h5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3867?format=api", "vulnerability_id": "VCID-xhtj-rr3y-puc7", "summary": "A bug in Apache HTTP Server 2.4.64 results in all \"RewriteCond expr ...\" tests evaluating as \"true\".\n\n\n\nUsers are recommended to upgrade to version 2.4.65, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54090.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54090.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.5246", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52432", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52424", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54448", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54405", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.544", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54409", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54449", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57389", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57346", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57327", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57324", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57367", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54090" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383014", "reference_id": "2383014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383014" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-54090.json", "reference_id": "CVE-2025-54090", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-54090.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582525?format=api", "purl": "pkg:deb/debian/apache2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582274?format=api", "purl": "pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/585548?format=api", "purl": "pkg:deb/debian/apache2@2.4.65-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.65-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582275?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582276?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582277?format=api", "purl": "pkg:deb/debian/apache2@2.4.66-8?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54090" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhtj-rr3y-puc7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie" }