Lookup for vulnerable packages by Package URL.
| Purl | pkg:deb/debian/apache2@2.0.55-4.1?distro=trixie |
|---|
| Type | deb |
|---|
| Namespace | debian |
|---|
| Name | apache2 |
|---|
| Version | 2.0.55-4.1 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 2.2.4-1 |
|---|
| Latest_non_vulnerable_version | 2.4.66-8 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-me4r-1qb6-dqdf |
| vulnerability_id |
VCID-me4r-1qb6-dqdf |
| summary |
A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marked as a security issue for 2.0 or 2.2 as the cross-site scripting is only returned to the victim after the server times out a connection. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-3918 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.91373 |
| scoring_system |
epss |
| scoring_elements |
0.99655 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.91373 |
| scoring_system |
epss |
| scoring_elements |
0.99654 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.91373 |
| scoring_system |
epss |
| scoring_elements |
0.99653 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.91373 |
| scoring_system |
epss |
| scoring_elements |
0.99659 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.91373 |
| scoring_system |
epss |
| scoring_elements |
0.99656 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.91373 |
| scoring_system |
epss |
| scoring_elements |
0.99658 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-3918 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-3918
|
| risk_score |
9.6 |
| exploitability |
2.0 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-me4r-1qb6-dqdf |
|
| 1 |
| url |
VCID-qf2e-kgxk-pkhc |
| vulnerability_id |
VCID-qf2e-kgxk-pkhc |
| summary |
An off-by-one flaw exists in the Rewrite module, mod_rewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely. For vulnerable builds, the nature of the vulnerability can be denial of service (crashing of web server processes) or potentially allow arbitrary code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2006-3747 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.92606 |
| scoring_system |
epss |
| scoring_elements |
0.99741 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.92606 |
| scoring_system |
epss |
| scoring_elements |
0.99742 |
| published_at |
2026-04-04T12:55:00Z |
|
| 2 |
| value |
0.92606 |
| scoring_system |
epss |
| scoring_elements |
0.99743 |
| published_at |
2026-04-13T12:55:00Z |
|
| 3 |
| value |
0.92606 |
| scoring_system |
epss |
| scoring_elements |
0.99744 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2006-3747 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2006-3747
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qf2e-kgxk-pkhc |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.0.55-4.1%3Fdistro=trixie |
|---|