Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/89755?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/89755?format=api", "purl": "pkg:rpm/redhat/jbcs-httpd24-mod_http2@2.0.29-5?arch=el8jbcs", "type": "rpm", "namespace": "redhat", "name": "jbcs-httpd24-mod_http2", "version": "2.0.29-5", "qualifiers": { "arch": "el8jbcs" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3865?format=api", "vulnerability_id": "VCID-9tez-97xg-z3bs", "summary": "In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.\n\nOnly configurations using \"SSLEngine optional\" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49812.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49812.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32463", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3281", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32811", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32773", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32735", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32783", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374580", "reference_id": "2374580", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374580" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-49812.json", "reference_id": "CVE-2025-49812", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-49812.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14901", "reference_id": "RHSA-2025:14901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14902", "reference_id": "RHSA-2025:14902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14903", "reference_id": "RHSA-2025:14903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14997", "reference_id": "RHSA-2025:14997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14998", "reference_id": "RHSA-2025:14998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15023", "reference_id": "RHSA-2025:15023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15036", "reference_id": "RHSA-2025:15036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15095", "reference_id": "RHSA-2025:15095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15123", "reference_id": "RHSA-2025:15123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15516", "reference_id": "RHSA-2025:15516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15619", "reference_id": "RHSA-2025:15619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15684", "reference_id": "RHSA-2025:15684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15698", "reference_id": "RHSA-2025:15698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15698" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-49812" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tez-97xg-z3bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3863?format=api", "vulnerability_id": "VCID-r471-g9xs-sbga", "summary": "In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\n\nConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09386", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09416", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0943", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.094", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09124", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09292", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09368", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374576", "reference_id": "2374576", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374576" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-23048.json", "reference_id": "CVE-2025-23048", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-23048.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14901", "reference_id": "RHSA-2025:14901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14902", "reference_id": "RHSA-2025:14902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14903", "reference_id": "RHSA-2025:14903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15023", "reference_id": "RHSA-2025:15023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15095", "reference_id": "RHSA-2025:15095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15123", "reference_id": "RHSA-2025:15123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15516", "reference_id": "RHSA-2025:15516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15619", "reference_id": "RHSA-2025:15619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15684", "reference_id": "RHSA-2025:15684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15698", "reference_id": "RHSA-2025:15698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15698" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-23048" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r471-g9xs-sbga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69518?format=api", "vulnerability_id": "VCID-tyyt-k2cb-dygb", "summary": "modsecurity: ModSecurity Has Possible DoS Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47947.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.66477", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.66512", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.66474", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.66523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.66537", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.66556", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.66543", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00513", "scoring_system": "epss", "scoring_elements": "0.66503", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47947" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47947", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47947" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106286", "reference_id": "1106286", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106286" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367903", "reference_id": "2367903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367903" }, { "reference_url": "https://github.com/owasp-modsecurity/ModSecurity/pull/3389", "reference_id": "3389", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:51:29Z/" } ], "url": "https://github.com/owasp-modsecurity/ModSecurity/pull/3389" }, { "reference_url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r", "reference_id": "GHSA-859r-vvv8-rm8r", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T15:51:29Z/" } ], "url": "https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8605", "reference_id": "RHSA-2025:8605", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8605" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8626", "reference_id": "RHSA-2025:8626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8627", "reference_id": "RHSA-2025:8627", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8674", "reference_id": "RHSA-2025:8674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8837", "reference_id": "RHSA-2025:8837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8844", "reference_id": "RHSA-2025:8844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8917", "reference_id": "RHSA-2025:8917", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8922", "reference_id": "RHSA-2025:8922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8937", "reference_id": "RHSA-2025:8937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8937" }, { "reference_url": "https://usn.ubuntu.com/7567-1/", "reference_id": "USN-7567-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7567-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-47947" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tyyt-k2cb-dygb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3864?format=api", "vulnerability_id": "VCID-zxet-n94k-57ge", "summary": "In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.\n\nConfigurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to \"on\".", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49630.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77462", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77459", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77413", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77419", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.7745", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374578", "reference_id": "2374578", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374578" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2025-49630.json", "reference_id": "CVE-2025-49630", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2025-49630.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14625", "reference_id": "RHSA-2025:14625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14983", "reference_id": "RHSA-2025:14983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15123", "reference_id": "RHSA-2025:15123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15516", "reference_id": "RHSA-2025:15516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15619", "reference_id": "RHSA-2025:15619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15684", "reference_id": "RHSA-2025:15684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15698", "reference_id": "RHSA-2025:15698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15725", "reference_id": "RHSA-2025:15725", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15726", "reference_id": "RHSA-2025:15726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15727", "reference_id": "RHSA-2025:15727", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15727" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2025-49630" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxet-n94k-57ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3862?format=api", "vulnerability_id": "VCID-zyyh-n42k-8bhr", "summary": "Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\n\nIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47252.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47252.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37345", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37371", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39845", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39861", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39817", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39872", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374571", "reference_id": "2374571", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374571" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2024-47252.json", "reference_id": "CVE-2024-47252", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2024-47252.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13680", "reference_id": "RHSA-2025:13680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14901", "reference_id": "RHSA-2025:14901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14902", "reference_id": "RHSA-2025:14902", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14902" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14903", "reference_id": "RHSA-2025:14903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14997", "reference_id": "RHSA-2025:14997", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14997" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15023", "reference_id": "RHSA-2025:15023", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15095", "reference_id": "RHSA-2025:15095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15123", "reference_id": "RHSA-2025:15123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15516", "reference_id": "RHSA-2025:15516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15619", "reference_id": "RHSA-2025:15619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15684", "reference_id": "RHSA-2025:15684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15698", "reference_id": "RHSA-2025:15698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15698" }, { "reference_url": "https://usn.ubuntu.com/7639-1/", "reference_id": "USN-7639-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-1/" }, { "reference_url": "https://usn.ubuntu.com/7639-2/", "reference_id": "USN-7639-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7639-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2024-47252" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyh-n42k-8bhr" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-mod_http2@2.0.29-5%3Farch=el8jbcs" }