Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/httpd@2.4.63-4.el10_1?arch=3
Type rpm
Namespace redhat
Name httpd
Version 2.4.63-4.el10_1
Qualifiers
arch 3
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-2d8p-bbc1-hkfa
vulnerability_id VCID-2d8p-bbc1-hkfa
summary
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives.

This issue affects Apache HTTP Server before 2.4.66.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58098.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58098.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58098
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07443
published_at 2026-04-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07398
published_at 2026-04-02T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08766
published_at 2026-04-21T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08736
published_at 2026-04-13T12:55:00Z
4
value 0.00031
scoring_system epss
scoring_elements 0.08624
published_at 2026-04-16T12:55:00Z
5
value 0.00031
scoring_system epss
scoring_elements 0.08612
published_at 2026-04-18T12:55:00Z
6
value 0.00031
scoring_system epss
scoring_elements 0.08669
published_at 2026-04-07T12:55:00Z
7
value 0.00031
scoring_system epss
scoring_elements 0.08745
published_at 2026-04-08T12:55:00Z
8
value 0.00031
scoring_system epss
scoring_elements 0.08771
published_at 2026-04-09T12:55:00Z
9
value 0.00031
scoring_system epss
scoring_elements 0.08772
published_at 2026-04-11T12:55:00Z
10
value 0.00031
scoring_system epss
scoring_elements 0.0875
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58098
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58098
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58098
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926
reference_id 1121926
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419365
reference_id 2419365
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2419365
6
reference_url https://httpd.apache.org/security/json/CVE-2025-58098.json
reference_id CVE-2025-58098
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2025-58098.json
7
reference_url https://access.redhat.com/errata/RHSA-2025:23732
reference_id RHSA-2025:23732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23732
8
reference_url https://access.redhat.com/errata/RHSA-2025:23919
reference_id RHSA-2025:23919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23919
9
reference_url https://access.redhat.com/errata/RHSA-2025:23932
reference_id RHSA-2025:23932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23932
10
reference_url https://access.redhat.com/errata/RHSA-2026:0009
reference_id RHSA-2026:0009
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0009
11
reference_url https://access.redhat.com/errata/RHSA-2026:0010
reference_id RHSA-2026:0010
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0010
12
reference_url https://access.redhat.com/errata/RHSA-2026:0011
reference_id RHSA-2026:0011
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0011
13
reference_url https://access.redhat.com/errata/RHSA-2026:0012
reference_id RHSA-2026:0012
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0012
14
reference_url https://access.redhat.com/errata/RHSA-2026:0074
reference_id RHSA-2026:0074
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0074
15
reference_url https://access.redhat.com/errata/RHSA-2026:0075
reference_id RHSA-2026:0075
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0075
16
reference_url https://access.redhat.com/errata/RHSA-2026:0090
reference_id RHSA-2026:0090
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0090
17
reference_url https://access.redhat.com/errata/RHSA-2026:0095
reference_id RHSA-2026:0095
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0095
18
reference_url https://access.redhat.com/errata/RHSA-2026:0139
reference_id RHSA-2026:0139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0139
19
reference_url https://access.redhat.com/errata/RHSA-2026:0141
reference_id RHSA-2026:0141
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0141
20
reference_url https://access.redhat.com/errata/RHSA-2026:0171
reference_id RHSA-2026:0171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0171
21
reference_url https://access.redhat.com/errata/RHSA-2026:2994
reference_id RHSA-2026:2994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2994
22
reference_url https://access.redhat.com/errata/RHSA-2026:2995
reference_id RHSA-2026:2995
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2995
23
reference_url https://access.redhat.com/errata/RHSA-2026:5156
reference_id RHSA-2026:5156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5156
24
reference_url https://usn.ubuntu.com/7968-1/
reference_id USN-7968-1
reference_type
scores
url https://usn.ubuntu.com/7968-1/
fixed_packages
aliases CVE-2025-58098
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2d8p-bbc1-hkfa
1
url VCID-fsh3-7b9j-dfgf
vulnerability_id VCID-fsh3-7b9j-dfgf
summary
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.

This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.

Users are recommended to upgrade to version 2.4.66 which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65082.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65082.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65082
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36463
published_at 2026-04-04T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.3643
published_at 2026-04-02T12:55:00Z
2
value 0.00164
scoring_system epss
scoring_elements 0.3739
published_at 2026-04-21T12:55:00Z
3
value 0.00164
scoring_system epss
scoring_elements 0.37443
published_at 2026-04-12T12:55:00Z
4
value 0.00164
scoring_system epss
scoring_elements 0.37416
published_at 2026-04-13T12:55:00Z
5
value 0.00164
scoring_system epss
scoring_elements 0.37445
published_at 2026-04-18T12:55:00Z
6
value 0.00164
scoring_system epss
scoring_elements 0.37399
published_at 2026-04-07T12:55:00Z
7
value 0.00164
scoring_system epss
scoring_elements 0.37451
published_at 2026-04-08T12:55:00Z
8
value 0.00164
scoring_system epss
scoring_elements 0.37463
published_at 2026-04-16T12:55:00Z
9
value 0.00164
scoring_system epss
scoring_elements 0.37477
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65082
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65082
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926
reference_id 1121926
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419139
reference_id 2419139
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2419139
6
reference_url https://httpd.apache.org/security/json/CVE-2025-65082.json
reference_id CVE-2025-65082
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2025-65082.json
7
reference_url https://access.redhat.com/errata/RHSA-2025:23732
reference_id RHSA-2025:23732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23732
8
reference_url https://access.redhat.com/errata/RHSA-2025:23919
reference_id RHSA-2025:23919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23919
9
reference_url https://access.redhat.com/errata/RHSA-2025:23932
reference_id RHSA-2025:23932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23932
10
reference_url https://access.redhat.com/errata/RHSA-2026:2994
reference_id RHSA-2026:2994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2994
11
reference_url https://access.redhat.com/errata/RHSA-2026:2995
reference_id RHSA-2026:2995
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2995
12
reference_url https://access.redhat.com/errata/RHSA-2026:5156
reference_id RHSA-2026:5156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5156
13
reference_url https://usn.ubuntu.com/7968-1/
reference_id USN-7968-1
reference_type
scores
url https://usn.ubuntu.com/7968-1/
fixed_packages
aliases CVE-2025-65082
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsh3-7b9j-dfgf
2
url VCID-varh-ysfr-euc8
vulnerability_id VCID-varh-ysfr-euc8
summary
mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.

This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.

Users are recommended to upgrade to version 2.4.66, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66200.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66200.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66200
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17472
published_at 2026-04-02T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17519
published_at 2026-04-04T12:55:00Z
2
value 0.0007
scoring_system epss
scoring_elements 0.21479
published_at 2026-04-21T12:55:00Z
3
value 0.0007
scoring_system epss
scoring_elements 0.21507
published_at 2026-04-13T12:55:00Z
4
value 0.0007
scoring_system epss
scoring_elements 0.21504
published_at 2026-04-16T12:55:00Z
5
value 0.0007
scoring_system epss
scoring_elements 0.21512
published_at 2026-04-18T12:55:00Z
6
value 0.0007
scoring_system epss
scoring_elements 0.21456
published_at 2026-04-07T12:55:00Z
7
value 0.0007
scoring_system epss
scoring_elements 0.21532
published_at 2026-04-08T12:55:00Z
8
value 0.0007
scoring_system epss
scoring_elements 0.21591
published_at 2026-04-09T12:55:00Z
9
value 0.0007
scoring_system epss
scoring_elements 0.21602
published_at 2026-04-11T12:55:00Z
10
value 0.0007
scoring_system epss
scoring_elements 0.21564
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66200
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66200
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66200
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926
reference_id 1121926
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419262
reference_id 2419262
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2419262
6
reference_url https://httpd.apache.org/security/json/CVE-2025-66200.json
reference_id CVE-2025-66200
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2025-66200.json
7
reference_url https://access.redhat.com/errata/RHSA-2025:23732
reference_id RHSA-2025:23732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23732
8
reference_url https://access.redhat.com/errata/RHSA-2025:23919
reference_id RHSA-2025:23919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23919
9
reference_url https://access.redhat.com/errata/RHSA-2025:23932
reference_id RHSA-2025:23932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23932
10
reference_url https://access.redhat.com/errata/RHSA-2026:2994
reference_id RHSA-2026:2994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2994
11
reference_url https://access.redhat.com/errata/RHSA-2026:2995
reference_id RHSA-2026:2995
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2995
12
reference_url https://access.redhat.com/errata/RHSA-2026:5156
reference_id RHSA-2026:5156
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5156
13
reference_url https://usn.ubuntu.com/7968-1/
reference_id USN-7968-1
reference_type
scores
url https://usn.ubuntu.com/7968-1/
fixed_packages
aliases CVE-2025-66200
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-varh-ysfr-euc8
Fixing_vulnerabilities
Risk_score 3.2
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.4.63-4.el10_1%3Farch=3