Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39?arch=el8jbcs
Type rpm
Namespace redhat
Name jbcs-httpd24-httpd
Version 2.4.51-39
Qualifiers
arch el8jbcs
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-edvy-cern-6kcu
vulnerability_id VCID-edvy-cern-6kcu
summary
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack.

Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like:

RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
ProxyPassReverse /here/ http://example.com:8080/

Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25690
reference_id
reference_type
scores
0
value 0.68183
scoring_system epss
scoring_elements 0.98587
published_at 2026-04-02T12:55:00Z
1
value 0.68183
scoring_system epss
scoring_elements 0.98591
published_at 2026-04-04T12:55:00Z
2
value 0.68183
scoring_system epss
scoring_elements 0.98592
published_at 2026-04-07T12:55:00Z
3
value 0.68183
scoring_system epss
scoring_elements 0.98595
published_at 2026-04-08T12:55:00Z
4
value 0.68183
scoring_system epss
scoring_elements 0.98596
published_at 2026-04-09T12:55:00Z
5
value 0.68183
scoring_system epss
scoring_elements 0.98598
published_at 2026-04-11T12:55:00Z
6
value 0.68183
scoring_system epss
scoring_elements 0.98599
published_at 2026-04-12T12:55:00Z
7
value 0.68183
scoring_system epss
scoring_elements 0.986
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25690
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
reference_id 1032476
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2176209
reference_id 2176209
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2176209
10
reference_url http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html
reference_id Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-18T15:37:02Z/
url http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html
11
reference_url https://httpd.apache.org/security/json/CVE-2023-25690.json
reference_id CVE-2023-25690
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2023-25690.json
12
reference_url https://access.redhat.com/errata/RHSA-2023:1547
reference_id RHSA-2023:1547
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1547
13
reference_url https://access.redhat.com/errata/RHSA-2023:1593
reference_id RHSA-2023:1593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1593
14
reference_url https://access.redhat.com/errata/RHSA-2023:1596
reference_id RHSA-2023:1596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1596
15
reference_url https://access.redhat.com/errata/RHSA-2023:1597
reference_id RHSA-2023:1597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1597
16
reference_url https://access.redhat.com/errata/RHSA-2023:1670
reference_id RHSA-2023:1670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1670
17
reference_url https://access.redhat.com/errata/RHSA-2023:1672
reference_id RHSA-2023:1672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1672
18
reference_url https://access.redhat.com/errata/RHSA-2023:1673
reference_id RHSA-2023:1673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1673
19
reference_url https://access.redhat.com/errata/RHSA-2023:1916
reference_id RHSA-2023:1916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1916
20
reference_url https://access.redhat.com/errata/RHSA-2023:3292
reference_id RHSA-2023:3292
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3292
21
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
22
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
23
reference_url https://usn.ubuntu.com/5942-1/
reference_id USN-5942-1
reference_type
scores
url https://usn.ubuntu.com/5942-1/
24
reference_url https://usn.ubuntu.com/5942-2/
reference_id USN-5942-2
reference_type
scores
url https://usn.ubuntu.com/5942-2/
fixed_packages
aliases CVE-2023-25690
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edvy-cern-6kcu
1
url VCID-fz8c-b8r4-1yb8
vulnerability_id VCID-fz8c-b8r4-1yb8
summary
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.

This issue affects Apache HTTP Server 2.4.54 and earlier.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-20001
reference_id
reference_type
scores
0
value 0.00439
scoring_system epss
scoring_elements 0.63051
published_at 2026-04-01T12:55:00Z
1
value 0.00439
scoring_system epss
scoring_elements 0.63154
published_at 2026-04-13T12:55:00Z
2
value 0.00439
scoring_system epss
scoring_elements 0.63157
published_at 2026-04-08T12:55:00Z
3
value 0.00439
scoring_system epss
scoring_elements 0.63174
published_at 2026-04-09T12:55:00Z
4
value 0.00439
scoring_system epss
scoring_elements 0.63191
published_at 2026-04-11T12:55:00Z
5
value 0.00439
scoring_system epss
scoring_elements 0.63176
published_at 2026-04-12T12:55:00Z
6
value 0.00439
scoring_system epss
scoring_elements 0.6311
published_at 2026-04-02T12:55:00Z
7
value 0.00439
scoring_system epss
scoring_elements 0.6314
published_at 2026-04-04T12:55:00Z
8
value 0.00439
scoring_system epss
scoring_elements 0.63105
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-20001
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161774
reference_id 2161774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161774
9
reference_url https://security.archlinux.org/AVG-2824
reference_id AVG-2824
reference_type
scores
0
value Unknown
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2824
10
reference_url https://httpd.apache.org/security/json/CVE-2006-20001.json
reference_id CVE-2006-20001
reference_type
scores
url https://httpd.apache.org/security/json/CVE-2006-20001.json
11
reference_url https://access.redhat.com/errata/RHSA-2023:0852
reference_id RHSA-2023:0852
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0852
12
reference_url https://access.redhat.com/errata/RHSA-2023:0970
reference_id RHSA-2023:0970
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0970
13
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
14
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
15
reference_url https://usn.ubuntu.com/5834-1/
reference_id USN-5834-1
reference_type
scores
url https://usn.ubuntu.com/5834-1/
16
reference_url https://usn.ubuntu.com/5839-1/
reference_id USN-5839-1
reference_type
scores
url https://usn.ubuntu.com/5839-1/
fixed_packages
aliases CVE-2006-20001
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.51-39%3Farch=el8jbcs