Lookup for vulnerable packages by Package URL.

Purl pkg:ebuild/www-servers/apache@2.4.62
Type ebuild
Namespace www-servers
Name apache
Version 2.4.62
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2e6w-fs4j-17g9
vulnerability_id VCID-2e6w-fs4j-17g9
summary HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27316
reference_id
reference_type
scores
0
value 0.89409
scoring_system epss
scoring_elements 0.99549
published_at 2026-04-16T12:55:00Z
1
value 0.89409
scoring_system epss
scoring_elements 0.99542
published_at 2026-04-02T12:55:00Z
2
value 0.89409
scoring_system epss
scoring_elements 0.99543
published_at 2026-04-04T12:55:00Z
3
value 0.89409
scoring_system epss
scoring_elements 0.99545
published_at 2026-04-11T12:55:00Z
4
value 0.89409
scoring_system epss
scoring_elements 0.99546
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27316
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id 1068412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
10
reference_url https://www.openwall.com/lists/oss-security/2024/04/03/16
reference_id 16
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/
url https://www.openwall.com/lists/oss-security/2024/04/03/16
11
reference_url http://seclists.org/fulldisclosure/2024/Jul/18
reference_id 18
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/
url http://seclists.org/fulldisclosure/2024/Jul/18
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268277
reference_id 2268277
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268277
13
reference_url http://www.openwall.com/lists/oss-security/2024/04/04/4
reference_id 4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/
url http://www.openwall.com/lists/oss-security/2024/04/04/4
14
reference_url https://httpd.apache.org/security/json/CVE-2024-27316.json
reference_id CVE-2024-27316
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-27316.json
15
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
16
reference_url https://support.apple.com/kb/HT214119
reference_id HT214119
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/
url https://support.apple.com/kb/HT214119
17
reference_url https://access.redhat.com/errata/RHSA-2024:1786
reference_id RHSA-2024:1786
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1786
18
reference_url https://access.redhat.com/errata/RHSA-2024:1872
reference_id RHSA-2024:1872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1872
19
reference_url https://access.redhat.com/errata/RHSA-2024:2564
reference_id RHSA-2024:2564
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2564
20
reference_url https://access.redhat.com/errata/RHSA-2024:2693
reference_id RHSA-2024:2693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2693
21
reference_url https://access.redhat.com/errata/RHSA-2024:2694
reference_id RHSA-2024:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2694
22
reference_url https://access.redhat.com/errata/RHSA-2024:2891
reference_id RHSA-2024:2891
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2891
23
reference_url https://access.redhat.com/errata/RHSA-2024:2907
reference_id RHSA-2024:2907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2907
24
reference_url https://access.redhat.com/errata/RHSA-2024:3402
reference_id RHSA-2024:3402
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3402
25
reference_url https://access.redhat.com/errata/RHSA-2024:3417
reference_id RHSA-2024:3417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3417
26
reference_url https://access.redhat.com/errata/RHSA-2024:4390
reference_id RHSA-2024:4390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4390
27
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
28
reference_url https://usn.ubuntu.com/6729-1/
reference_id USN-6729-1
reference_type
scores
url https://usn.ubuntu.com/6729-1/
29
reference_url https://usn.ubuntu.com/6729-2/
reference_id USN-6729-2
reference_type
scores
url https://usn.ubuntu.com/6729-2/
30
reference_url https://usn.ubuntu.com/6729-3/
reference_id USN-6729-3
reference_type
scores
url https://usn.ubuntu.com/6729-3/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-27316
risk_score 10.0
exploitability 2.0
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e6w-fs4j-17g9
1
url VCID-4jfa-3r1g-m7h8
vulnerability_id VCID-4jfa-3r1g-m7h8
summary
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context potentially allows NTLM hashes to be leaked to a malicious server via SSRF and malicious requests.

Users are recommended to upgrade to version 2.4.62 which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40898.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40898.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-40898
reference_id
reference_type
scores
0
value 0.00549
scoring_system epss
scoring_elements 0.67973
published_at 2026-04-16T12:55:00Z
1
value 0.00549
scoring_system epss
scoring_elements 0.67984
published_at 2026-04-11T12:55:00Z
2
value 0.00549
scoring_system epss
scoring_elements 0.67971
published_at 2026-04-12T12:55:00Z
3
value 0.00549
scoring_system epss
scoring_elements 0.67936
published_at 2026-04-13T12:55:00Z
4
value 0.00549
scoring_system epss
scoring_elements 0.67897
published_at 2026-04-02T12:55:00Z
5
value 0.00549
scoring_system epss
scoring_elements 0.67915
published_at 2026-04-04T12:55:00Z
6
value 0.00549
scoring_system epss
scoring_elements 0.67895
published_at 2026-04-07T12:55:00Z
7
value 0.00549
scoring_system epss
scoring_elements 0.67946
published_at 2026-04-08T12:55:00Z
8
value 0.00549
scoring_system epss
scoring_elements 0.6796
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-40898
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2298648
reference_id 2298648
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2298648
4
reference_url https://httpd.apache.org/security/json/CVE-2024-40898.json
reference_id CVE-2024-40898
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-40898.json
5
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
6
reference_url https://access.redhat.com/errata/RHSA-2024:6928
reference_id RHSA-2024:6928
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6928
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-40898
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4jfa-3r1g-m7h8
2
url VCID-6tgh-b4td-63f5
vulnerability_id VCID-6tgh-b4td-63f5
summary
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39573
reference_id
reference_type
scores
0
value 0.03117
scoring_system epss
scoring_elements 0.8685
published_at 2026-04-16T12:55:00Z
1
value 0.0316
scoring_system epss
scoring_elements 0.86914
published_at 2026-04-09T12:55:00Z
2
value 0.0316
scoring_system epss
scoring_elements 0.86917
published_at 2026-04-13T12:55:00Z
3
value 0.0316
scoring_system epss
scoring_elements 0.86923
published_at 2026-04-12T12:55:00Z
4
value 0.0316
scoring_system epss
scoring_elements 0.86927
published_at 2026-04-11T12:55:00Z
5
value 0.0316
scoring_system epss
scoring_elements 0.86873
published_at 2026-04-02T12:55:00Z
6
value 0.0316
scoring_system epss
scoring_elements 0.86891
published_at 2026-04-04T12:55:00Z
7
value 0.0316
scoring_system epss
scoring_elements 0.86886
published_at 2026-04-07T12:55:00Z
8
value 0.0316
scoring_system epss
scoring_elements 0.86906
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39573
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295022
reference_id 2295022
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295022
11
reference_url https://httpd.apache.org/security/json/CVE-2024-39573.json
reference_id CVE-2024-39573
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-39573.json
12
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
13
reference_url https://security.netapp.com/advisory/ntap-20240712-0001/
reference_id ntap-20240712-0001
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-01T20:41:48Z/
url https://security.netapp.com/advisory/ntap-20240712-0001/
14
reference_url https://access.redhat.com/errata/RHSA-2024:4720
reference_id RHSA-2024:4720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4720
15
reference_url https://access.redhat.com/errata/RHSA-2024:4726
reference_id RHSA-2024:4726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4726
16
reference_url https://access.redhat.com/errata/RHSA-2024:5001
reference_id RHSA-2024:5001
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5001
17
reference_url https://access.redhat.com/errata/RHSA-2024:5239
reference_id RHSA-2024:5239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5239
18
reference_url https://access.redhat.com/errata/RHSA-2024:5240
reference_id RHSA-2024:5240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5240
19
reference_url https://usn.ubuntu.com/6885-1/
reference_id USN-6885-1
reference_type
scores
url https://usn.ubuntu.com/6885-1/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-39573
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tgh-b4td-63f5
3
url VCID-8edq-8rvq-rkf1
vulnerability_id VCID-8edq-8rvq-rkf1
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38475
reference_id
reference_type
scores
0
value 0.93858
scoring_system epss
scoring_elements 0.99869
published_at 2026-04-16T12:55:00Z
1
value 0.93858
scoring_system epss
scoring_elements 0.99867
published_at 2026-04-09T12:55:00Z
2
value 0.93858
scoring_system epss
scoring_elements 0.99868
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38475
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295014
reference_id 2295014
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295014
11
reference_url https://httpd.apache.org/security/json/CVE-2024-38475.json
reference_id CVE-2024-38475
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-38475.json
12
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
13
reference_url https://security.netapp.com/advisory/ntap-20240712-0001/
reference_id ntap-20240712-0001
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-05-02T03:55:18Z/
url https://security.netapp.com/advisory/ntap-20240712-0001/
14
reference_url https://access.redhat.com/errata/RHSA-2024:4719
reference_id RHSA-2024:4719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4719
15
reference_url https://access.redhat.com/errata/RHSA-2024:4720
reference_id RHSA-2024:4720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4720
16
reference_url https://access.redhat.com/errata/RHSA-2024:4726
reference_id RHSA-2024:4726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4726
17
reference_url https://access.redhat.com/errata/RHSA-2024:4820
reference_id RHSA-2024:4820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4820
18
reference_url https://access.redhat.com/errata/RHSA-2024:4827
reference_id RHSA-2024:4827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4827
19
reference_url https://access.redhat.com/errata/RHSA-2024:4830
reference_id RHSA-2024:4830
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4830
20
reference_url https://access.redhat.com/errata/RHSA-2024:4862
reference_id RHSA-2024:4862
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4862
21
reference_url https://access.redhat.com/errata/RHSA-2024:4863
reference_id RHSA-2024:4863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4863
22
reference_url https://access.redhat.com/errata/RHSA-2024:4938
reference_id RHSA-2024:4938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4938
23
reference_url https://access.redhat.com/errata/RHSA-2024:4943
reference_id RHSA-2024:4943
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4943
24
reference_url https://access.redhat.com/errata/RHSA-2024:5239
reference_id RHSA-2024:5239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5239
25
reference_url https://access.redhat.com/errata/RHSA-2024:5240
reference_id RHSA-2024:5240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5240
26
reference_url https://usn.ubuntu.com/6885-1/
reference_id USN-6885-1
reference_type
scores
url https://usn.ubuntu.com/6885-1/
27
reference_url https://usn.ubuntu.com/6885-3/
reference_id USN-6885-3
reference_type
scores
url https://usn.ubuntu.com/6885-3/
28
reference_url https://usn.ubuntu.com/6885-5/
reference_id USN-6885-5
reference_type
scores
url https://usn.ubuntu.com/6885-5/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-38475
risk_score 10.0
exploitability 2.0
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8edq-8rvq-rkf1
4
url VCID-8nw9-zpxn-ckab
vulnerability_id VCID-8nw9-zpxn-ckab
summary
A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier allows information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38476
reference_id
reference_type
scores
0
value 0.03452
scoring_system epss
scoring_elements 0.87486
published_at 2026-04-07T12:55:00Z
1
value 0.03452
scoring_system epss
scoring_elements 0.87519
published_at 2026-04-12T12:55:00Z
2
value 0.03452
scoring_system epss
scoring_elements 0.87523
published_at 2026-04-11T12:55:00Z
3
value 0.03452
scoring_system epss
scoring_elements 0.87512
published_at 2026-04-09T12:55:00Z
4
value 0.03452
scoring_system epss
scoring_elements 0.87505
published_at 2026-04-08T12:55:00Z
5
value 0.03452
scoring_system epss
scoring_elements 0.87515
published_at 2026-04-13T12:55:00Z
6
value 0.03545
scoring_system epss
scoring_elements 0.87649
published_at 2026-04-04T12:55:00Z
7
value 0.03545
scoring_system epss
scoring_elements 0.87636
published_at 2026-04-02T12:55:00Z
8
value 0.04554
scoring_system epss
scoring_elements 0.89205
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38476
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295015
reference_id 2295015
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295015
11
reference_url https://httpd.apache.org/security/json/CVE-2024-38476.json
reference_id CVE-2024-38476
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-38476.json
12
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
13
reference_url https://security.netapp.com/advisory/ntap-20240712-0001/
reference_id ntap-20240712-0001
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T03:55:12Z/
url https://security.netapp.com/advisory/ntap-20240712-0001/
14
reference_url https://access.redhat.com/errata/RHSA-2024:5138
reference_id RHSA-2024:5138
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5138
15
reference_url https://access.redhat.com/errata/RHSA-2024:5193
reference_id RHSA-2024:5193
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5193
16
reference_url https://access.redhat.com/errata/RHSA-2024:5239
reference_id RHSA-2024:5239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5239
17
reference_url https://access.redhat.com/errata/RHSA-2024:5240
reference_id RHSA-2024:5240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5240
18
reference_url https://access.redhat.com/errata/RHSA-2024:5812
reference_id RHSA-2024:5812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5812
19
reference_url https://access.redhat.com/errata/RHSA-2024:5832
reference_id RHSA-2024:5832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5832
20
reference_url https://access.redhat.com/errata/RHSA-2024:6136
reference_id RHSA-2024:6136
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6136
21
reference_url https://access.redhat.com/errata/RHSA-2024:6467
reference_id RHSA-2024:6467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6467
22
reference_url https://access.redhat.com/errata/RHSA-2024:6468
reference_id RHSA-2024:6468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6468
23
reference_url https://access.redhat.com/errata/RHSA-2024:6583
reference_id RHSA-2024:6583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6583
24
reference_url https://access.redhat.com/errata/RHSA-2024:6584
reference_id RHSA-2024:6584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6584
25
reference_url https://access.redhat.com/errata/RHSA-2024:7101
reference_id RHSA-2024:7101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7101
26
reference_url https://usn.ubuntu.com/6885-1/
reference_id USN-6885-1
reference_type
scores
url https://usn.ubuntu.com/6885-1/
27
reference_url https://usn.ubuntu.com/6885-3/
reference_id USN-6885-3
reference_type
scores
url https://usn.ubuntu.com/6885-3/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-38476
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8nw9-zpxn-ckab
5
url VCID-bau7-pme5-ckbt
vulnerability_id VCID-bau7-pme5-ckbt
summary
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.

Users are recommended to upgrade to version 2.4.59, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24795
reference_id
reference_type
scores
0
value 0.01123
scoring_system epss
scoring_elements 0.78297
published_at 2026-04-16T12:55:00Z
1
value 0.01123
scoring_system epss
scoring_elements 0.78289
published_at 2026-04-11T12:55:00Z
2
value 0.01123
scoring_system epss
scoring_elements 0.78271
published_at 2026-04-12T12:55:00Z
3
value 0.01123
scoring_system epss
scoring_elements 0.78267
published_at 2026-04-13T12:55:00Z
4
value 0.01123
scoring_system epss
scoring_elements 0.78219
published_at 2026-04-02T12:55:00Z
5
value 0.01123
scoring_system epss
scoring_elements 0.78249
published_at 2026-04-04T12:55:00Z
6
value 0.01123
scoring_system epss
scoring_elements 0.78231
published_at 2026-04-07T12:55:00Z
7
value 0.01123
scoring_system epss
scoring_elements 0.78258
published_at 2026-04-08T12:55:00Z
8
value 0.01123
scoring_system epss
scoring_elements 0.78264
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24795
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id 1068412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2273499
reference_id 2273499
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2273499
11
reference_url https://httpd.apache.org/security/json/CVE-2024-24795.json
reference_id CVE-2024-24795
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-24795.json
12
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
13
reference_url https://access.redhat.com/errata/RHSA-2024:9306
reference_id RHSA-2024:9306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9306
14
reference_url https://access.redhat.com/errata/RHSA-2025:3452
reference_id RHSA-2025:3452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3452
15
reference_url https://access.redhat.com/errata/RHSA-2025:3453
reference_id RHSA-2025:3453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3453
16
reference_url https://usn.ubuntu.com/6729-1/
reference_id USN-6729-1
reference_type
scores
url https://usn.ubuntu.com/6729-1/
17
reference_url https://usn.ubuntu.com/6729-2/
reference_id USN-6729-2
reference_type
scores
url https://usn.ubuntu.com/6729-2/
18
reference_url https://usn.ubuntu.com/6729-3/
reference_id USN-6729-3
reference_type
scores
url https://usn.ubuntu.com/6729-3/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-24795
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bau7-pme5-ckbt
6
url VCID-ej7y-7na3-5qby
vulnerability_id VCID-ej7y-7na3-5qby
summary
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to cause source disclosure of scripts meant only to be executed as CGI.

Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38474
reference_id
reference_type
scores
0
value 0.00744
scoring_system epss
scoring_elements 0.73003
published_at 2026-04-04T12:55:00Z
1
value 0.00744
scoring_system epss
scoring_elements 0.72979
published_at 2026-04-07T12:55:00Z
2
value 0.00744
scoring_system epss
scoring_elements 0.73016
published_at 2026-04-08T12:55:00Z
3
value 0.00744
scoring_system epss
scoring_elements 0.7303
published_at 2026-04-09T12:55:00Z
4
value 0.00744
scoring_system epss
scoring_elements 0.73055
published_at 2026-04-11T12:55:00Z
5
value 0.00744
scoring_system epss
scoring_elements 0.73034
published_at 2026-04-12T12:55:00Z
6
value 0.00744
scoring_system epss
scoring_elements 0.73027
published_at 2026-04-13T12:55:00Z
7
value 0.00744
scoring_system epss
scoring_elements 0.72983
published_at 2026-04-02T12:55:00Z
8
value 0.00994
scoring_system epss
scoring_elements 0.76966
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38474
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295013
reference_id 2295013
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295013
11
reference_url https://httpd.apache.org/security/json/CVE-2024-38474.json
reference_id CVE-2024-38474
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-38474.json
12
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
13
reference_url https://security.netapp.com/advisory/ntap-20240712-0001/
reference_id ntap-20240712-0001
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:02:41Z/
url https://security.netapp.com/advisory/ntap-20240712-0001/
14
reference_url https://access.redhat.com/errata/RHSA-2024:4719
reference_id RHSA-2024:4719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4719
15
reference_url https://access.redhat.com/errata/RHSA-2024:4720
reference_id RHSA-2024:4720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4720
16
reference_url https://access.redhat.com/errata/RHSA-2024:4726
reference_id RHSA-2024:4726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4726
17
reference_url https://access.redhat.com/errata/RHSA-2024:4820
reference_id RHSA-2024:4820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4820
18
reference_url https://access.redhat.com/errata/RHSA-2024:4827
reference_id RHSA-2024:4827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4827
19
reference_url https://access.redhat.com/errata/RHSA-2024:4830
reference_id RHSA-2024:4830
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4830
20
reference_url https://access.redhat.com/errata/RHSA-2024:4862
reference_id RHSA-2024:4862
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4862
21
reference_url https://access.redhat.com/errata/RHSA-2024:4863
reference_id RHSA-2024:4863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4863
22
reference_url https://access.redhat.com/errata/RHSA-2024:4938
reference_id RHSA-2024:4938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4938
23
reference_url https://access.redhat.com/errata/RHSA-2024:4943
reference_id RHSA-2024:4943
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4943
24
reference_url https://access.redhat.com/errata/RHSA-2024:5239
reference_id RHSA-2024:5239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5239
25
reference_url https://access.redhat.com/errata/RHSA-2024:5240
reference_id RHSA-2024:5240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5240
26
reference_url https://usn.ubuntu.com/6885-1/
reference_id USN-6885-1
reference_type
scores
url https://usn.ubuntu.com/6885-1/
27
reference_url https://usn.ubuntu.com/6885-3/
reference_id USN-6885-3
reference_type
scores
url https://usn.ubuntu.com/6885-3/
28
reference_url https://usn.ubuntu.com/6885-5/
reference_id USN-6885-5
reference_type
scores
url https://usn.ubuntu.com/6885-5/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-38474
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ej7y-7na3-5qby
7
url VCID-ftjw-9fb6-d3cw
vulnerability_id VCID-ftjw-9fb6-d3cw
summary
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38473
reference_id
reference_type
scores
0
value 0.88261
scoring_system epss
scoring_elements 0.99494
published_at 2026-04-16T12:55:00Z
1
value 0.88261
scoring_system epss
scoring_elements 0.99486
published_at 2026-04-02T12:55:00Z
2
value 0.88261
scoring_system epss
scoring_elements 0.99488
published_at 2026-04-04T12:55:00Z
3
value 0.88261
scoring_system epss
scoring_elements 0.9949
published_at 2026-04-07T12:55:00Z
4
value 0.88261
scoring_system epss
scoring_elements 0.99491
published_at 2026-04-08T12:55:00Z
5
value 0.88261
scoring_system epss
scoring_elements 0.99492
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38473
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295012
reference_id 2295012
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295012
11
reference_url https://httpd.apache.org/security/json/CVE-2024-38473.json
reference_id CVE-2024-38473
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-38473.json
12
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
13
reference_url https://security.netapp.com/advisory/ntap-20240712-0001/
reference_id ntap-20240712-0001
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-24T13:55:35Z/
url https://security.netapp.com/advisory/ntap-20240712-0001/
14
reference_url https://access.redhat.com/errata/RHSA-2024:4720
reference_id RHSA-2024:4720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4720
15
reference_url https://access.redhat.com/errata/RHSA-2024:4726
reference_id RHSA-2024:4726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4726
16
reference_url https://access.redhat.com/errata/RHSA-2024:5001
reference_id RHSA-2024:5001
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5001
17
reference_url https://access.redhat.com/errata/RHSA-2024:5239
reference_id RHSA-2024:5239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5239
18
reference_url https://access.redhat.com/errata/RHSA-2024:5240
reference_id RHSA-2024:5240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5240
19
reference_url https://usn.ubuntu.com/6885-1/
reference_id USN-6885-1
reference_type
scores
url https://usn.ubuntu.com/6885-1/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-38473
risk_score 10.0
exploitability 2.0
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftjw-9fb6-d3cw
8
url VCID-nbar-1p1f-bqfk
vulnerability_id VCID-nbar-1p1f-bqfk
summary
SSRF in Apache HTTP Server on Windows allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content.
Users are recommended to upgrade to version 2.4.60, which fixes this issue. Note: Existing configurations that access UNC paths will have to configure the new directive "UNCList" to allow access during request processing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38472.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38472.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38472
reference_id
reference_type
scores
0
value 0.90493
scoring_system epss
scoring_elements 0.99611
published_at 2026-04-16T12:55:00Z
1
value 0.90493
scoring_system epss
scoring_elements 0.99609
published_at 2026-04-11T12:55:00Z
2
value 0.90493
scoring_system epss
scoring_elements 0.9961
published_at 2026-04-13T12:55:00Z
3
value 0.90493
scoring_system epss
scoring_elements 0.99606
published_at 2026-04-02T12:55:00Z
4
value 0.90493
scoring_system epss
scoring_elements 0.99607
published_at 2026-04-04T12:55:00Z
5
value 0.90493
scoring_system epss
scoring_elements 0.99608
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38472
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295011
reference_id 2295011
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295011
3
reference_url https://httpd.apache.org/security/json/CVE-2024-38472.json
reference_id CVE-2024-38472
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-38472.json
4
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
5
reference_url https://access.redhat.com/errata/RHSA-2024:6928
reference_id RHSA-2024:6928
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6928
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-38472
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nbar-1p1f-bqfk
9
url VCID-pjxs-hnjr-duey
vulnerability_id VCID-pjxs-hnjr-duey
summary
Null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38477
reference_id
reference_type
scores
0
value 0.01148
scoring_system epss
scoring_elements 0.78479
published_at 2026-04-12T12:55:00Z
1
value 0.01148
scoring_system epss
scoring_elements 0.78498
published_at 2026-04-11T12:55:00Z
2
value 0.01148
scoring_system epss
scoring_elements 0.78472
published_at 2026-04-13T12:55:00Z
3
value 0.01347
scoring_system epss
scoring_elements 0.80057
published_at 2026-04-04T12:55:00Z
4
value 0.01347
scoring_system epss
scoring_elements 0.80036
published_at 2026-04-02T12:55:00Z
5
value 0.01347
scoring_system epss
scoring_elements 0.80046
published_at 2026-04-07T12:55:00Z
6
value 0.01347
scoring_system epss
scoring_elements 0.80075
published_at 2026-04-08T12:55:00Z
7
value 0.01509
scoring_system epss
scoring_elements 0.81227
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38477
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295016
reference_id 2295016
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295016
11
reference_url https://httpd.apache.org/security/json/CVE-2024-38477.json
reference_id CVE-2024-38477
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-38477.json
12
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
13
reference_url https://security.netapp.com/advisory/ntap-20240712-0001/
reference_id ntap-20240712-0001
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:23:13Z/
url https://security.netapp.com/advisory/ntap-20240712-0001/
14
reference_url https://access.redhat.com/errata/RHSA-2024:4719
reference_id RHSA-2024:4719
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4719
15
reference_url https://access.redhat.com/errata/RHSA-2024:4720
reference_id RHSA-2024:4720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4720
16
reference_url https://access.redhat.com/errata/RHSA-2024:4726
reference_id RHSA-2024:4726
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4726
17
reference_url https://access.redhat.com/errata/RHSA-2024:4820
reference_id RHSA-2024:4820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4820
18
reference_url https://access.redhat.com/errata/RHSA-2024:4827
reference_id RHSA-2024:4827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4827
19
reference_url https://access.redhat.com/errata/RHSA-2024:4830
reference_id RHSA-2024:4830
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4830
20
reference_url https://access.redhat.com/errata/RHSA-2024:4862
reference_id RHSA-2024:4862
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4862
21
reference_url https://access.redhat.com/errata/RHSA-2024:4863
reference_id RHSA-2024:4863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4863
22
reference_url https://access.redhat.com/errata/RHSA-2024:4938
reference_id RHSA-2024:4938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4938
23
reference_url https://access.redhat.com/errata/RHSA-2024:4943
reference_id RHSA-2024:4943
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4943
24
reference_url https://access.redhat.com/errata/RHSA-2024:5239
reference_id RHSA-2024:5239
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5239
25
reference_url https://access.redhat.com/errata/RHSA-2024:5240
reference_id RHSA-2024:5240
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5240
26
reference_url https://usn.ubuntu.com/6885-1/
reference_id USN-6885-1
reference_type
scores
url https://usn.ubuntu.com/6885-1/
27
reference_url https://usn.ubuntu.com/6885-3/
reference_id USN-6885-3
reference_type
scores
url https://usn.ubuntu.com/6885-3/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-38477
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjxs-hnjr-duey
10
url VCID-pz6f-mahv-hue8
vulnerability_id VCID-pz6f-mahv-hue8
summary
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.61, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39884
reference_id
reference_type
scores
0
value 0.00246
scoring_system epss
scoring_elements 0.47911
published_at 2026-04-16T12:55:00Z
1
value 0.00246
scoring_system epss
scoring_elements 0.47828
published_at 2026-04-02T12:55:00Z
2
value 0.00246
scoring_system epss
scoring_elements 0.4785
published_at 2026-04-04T12:55:00Z
3
value 0.00246
scoring_system epss
scoring_elements 0.47799
published_at 2026-04-07T12:55:00Z
4
value 0.00246
scoring_system epss
scoring_elements 0.47851
published_at 2026-04-08T12:55:00Z
5
value 0.00246
scoring_system epss
scoring_elements 0.47847
published_at 2026-04-12T12:55:00Z
6
value 0.00246
scoring_system epss
scoring_elements 0.47871
published_at 2026-04-11T12:55:00Z
7
value 0.00246
scoring_system epss
scoring_elements 0.47857
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39884
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295761
reference_id 2295761
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295761
5
reference_url http://www.openwall.com/lists/oss-security/2024/07/17/6
reference_id 6
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/
url http://www.openwall.com/lists/oss-security/2024/07/17/6
6
reference_url https://httpd.apache.org/security/json/CVE-2024-39884.json
reference_id CVE-2024-39884
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-39884.json
7
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
8
reference_url https://security.netapp.com/advisory/ntap-20240712-0002/
reference_id ntap-20240712-0002
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/
url https://security.netapp.com/advisory/ntap-20240712-0002/
9
reference_url https://usn.ubuntu.com/6885-1/
reference_id USN-6885-1
reference_type
scores
url https://usn.ubuntu.com/6885-1/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-39884
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pz6f-mahv-hue8
11
url VCID-qjeh-n57t-y7g5
vulnerability_id VCID-qjeh-n57t-y7g5
summary
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.62, which fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40725.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-40725
reference_id
reference_type
scores
0
value 0.25097
scoring_system epss
scoring_elements 0.96186
published_at 2026-04-16T12:55:00Z
1
value 0.25097
scoring_system epss
scoring_elements 0.96169
published_at 2026-04-08T12:55:00Z
2
value 0.25097
scoring_system epss
scoring_elements 0.96173
published_at 2026-04-09T12:55:00Z
3
value 0.25097
scoring_system epss
scoring_elements 0.96175
published_at 2026-04-12T12:55:00Z
4
value 0.25097
scoring_system epss
scoring_elements 0.96177
published_at 2026-04-13T12:55:00Z
5
value 0.25097
scoring_system epss
scoring_elements 0.96154
published_at 2026-04-04T12:55:00Z
6
value 0.25097
scoring_system epss
scoring_elements 0.96159
published_at 2026-04-07T12:55:00Z
7
value 0.26567
scoring_system epss
scoring_elements 0.96301
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-40725
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2297362
reference_id 2297362
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2297362
5
reference_url https://httpd.apache.org/security/json/CVE-2024-40725.json
reference_id CVE-2024-40725
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-40725.json
6
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
7
reference_url https://usn.ubuntu.com/6902-1/
reference_id USN-6902-1
reference_type
scores
url https://usn.ubuntu.com/6902-1/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-40725
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjeh-n57t-y7g5
12
url VCID-r2pc-wuzb-h7hk
vulnerability_id VCID-r2pc-wuzb-h7hk
summary Serving WebSocket protocol upgrades over an HTTP/2 connection could result in a null pointer dereference, leading to a crash of the server process, degrading performance.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36387.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36387.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-36387
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.3428
published_at 2026-04-04T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.34143
published_at 2026-04-07T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.34186
published_at 2026-04-08T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.34215
published_at 2026-04-09T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.34216
published_at 2026-04-11T12:55:00Z
5
value 0.0014
scoring_system epss
scoring_elements 0.34173
published_at 2026-04-12T12:55:00Z
6
value 0.0014
scoring_system epss
scoring_elements 0.3415
published_at 2026-04-13T12:55:00Z
7
value 0.0014
scoring_system epss
scoring_elements 0.34247
published_at 2026-04-02T12:55:00Z
8
value 0.00187
scoring_system epss
scoring_elements 0.40615
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-36387
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2295006
reference_id 2295006
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2295006
11
reference_url https://httpd.apache.org/security/json/CVE-2024-36387.json
reference_id CVE-2024-36387
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2024-36387.json
12
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
13
reference_url https://security.netapp.com/advisory/ntap-20240712-0001/
reference_id ntap-20240712-0001
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:22:03Z/
url https://security.netapp.com/advisory/ntap-20240712-0001/
14
reference_url https://access.redhat.com/errata/RHSA-2024:8680
reference_id RHSA-2024:8680
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8680
15
reference_url https://access.redhat.com/errata/RHSA-2025:3452
reference_id RHSA-2025:3452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3452
16
reference_url https://access.redhat.com/errata/RHSA-2025:3453
reference_id RHSA-2025:3453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3453
17
reference_url https://usn.ubuntu.com/6885-1/
reference_id USN-6885-1
reference_type
scores
url https://usn.ubuntu.com/6885-1/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2024-36387
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2pc-wuzb-h7hk
13
url VCID-xhyc-9rpu-2bc8
vulnerability_id VCID-xhyc-9rpu-2bc8
summary
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.

This issue affects Apache HTTP Server: through 2.4.58.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38709
reference_id
reference_type
scores
0
value 0.03255
scoring_system epss
scoring_elements 0.87146
published_at 2026-04-16T12:55:00Z
1
value 0.03255
scoring_system epss
scoring_elements 0.8714
published_at 2026-04-11T12:55:00Z
2
value 0.03255
scoring_system epss
scoring_elements 0.87134
published_at 2026-04-12T12:55:00Z
3
value 0.03255
scoring_system epss
scoring_elements 0.87129
published_at 2026-04-13T12:55:00Z
4
value 0.03342
scoring_system epss
scoring_elements 0.87294
published_at 2026-04-08T12:55:00Z
5
value 0.03342
scoring_system epss
scoring_elements 0.87261
published_at 2026-04-02T12:55:00Z
6
value 0.03342
scoring_system epss
scoring_elements 0.87302
published_at 2026-04-09T12:55:00Z
7
value 0.03342
scoring_system epss
scoring_elements 0.87277
published_at 2026-04-04T12:55:00Z
8
value 0.03342
scoring_system epss
scoring_elements 0.87275
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38709
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
reference_id 1068412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412
10
reference_url http://seclists.org/fulldisclosure/2024/Jul/18
reference_id 18
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/
url http://seclists.org/fulldisclosure/2024/Jul/18
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2273491
reference_id 2273491
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2273491
12
reference_url http://www.openwall.com/lists/oss-security/2024/04/04/3
reference_id 3
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/
url http://www.openwall.com/lists/oss-security/2024/04/04/3
13
reference_url https://httpd.apache.org/security/json/CVE-2023-38709.json
reference_id CVE-2023-38709
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-38709.json
14
reference_url https://security.gentoo.org/glsa/202409-31
reference_id GLSA-202409-31
reference_type
scores
url https://security.gentoo.org/glsa/202409-31
15
reference_url https://support.apple.com/kb/HT214119
reference_id HT214119
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/
url https://support.apple.com/kb/HT214119
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
reference_id I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
reference_id LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/
18
reference_url https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
reference_id msg00013.html
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/
url https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html
19
reference_url https://security.netapp.com/advisory/ntap-20240415-0013/
reference_id ntap-20240415-0013
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/
url https://security.netapp.com/advisory/ntap-20240415-0013/
20
reference_url https://access.redhat.com/errata/RHSA-2024:4197
reference_id RHSA-2024:4197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4197
21
reference_url https://access.redhat.com/errata/RHSA-2024:6927
reference_id RHSA-2024:6927
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6927
22
reference_url https://access.redhat.com/errata/RHSA-2024:6928
reference_id RHSA-2024:6928
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6928
23
reference_url https://access.redhat.com/errata/RHSA-2024:9306
reference_id RHSA-2024:9306
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9306
24
reference_url https://usn.ubuntu.com/6729-1/
reference_id USN-6729-1
reference_type
scores
url https://usn.ubuntu.com/6729-1/
25
reference_url https://usn.ubuntu.com/6729-2/
reference_id USN-6729-2
reference_type
scores
url https://usn.ubuntu.com/6729-2/
26
reference_url https://usn.ubuntu.com/6729-3/
reference_id USN-6729-3
reference_type
scores
url https://usn.ubuntu.com/6729-3/
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
reference_id WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/
fixed_packages
0
url pkg:ebuild/www-servers/apache@2.4.62
purl pkg:ebuild/www-servers/apache@2.4.62
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62
aliases CVE-2023-38709
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhyc-9rpu-2bc8
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.62