Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/98406?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/98406?format=api", "purl": "pkg:rpm/redhat/httpd@2.4.53-7?arch=el9", "type": "rpm", "namespace": "redhat", "name": "httpd", "version": "2.4.53-7", "qualifiers": { "arch": "el9" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3833?format=api", "vulnerability_id": "VCID-4d3t-es7p-9qhn", "summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78114", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78131", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78171", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78146", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.7814", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006", "reference_id": "2095006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", "reference_id": "7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/08/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/08/9" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28615.json", "reference_id": "CVE-2022-28615", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28615.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220624-0005/", "reference_id": "ntap-20220624-0005", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220624-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", "reference_id": "YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-28615" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3834?format=api", "vulnerability_id": "VCID-d36c-rrxh-ybgv", "summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84788", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84806", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84759", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84781", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012", "reference_id": "2095012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-29404.json", "reference_id": "CVE-2022-29404", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-29404.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-29404" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3829?format=api", "vulnerability_id": "VCID-g55m-t4s1-nfhv", "summary": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.\n\nThis issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23943.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23943.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98286", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98284", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98285", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98275", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.9828", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.60552", "scoring_system": "epss", "scoring_elements": "0.98281", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064319", "reference_id": "2064319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064319" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-23943.json", "reference_id": "CVE-2022-23943", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-23943.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5333-1/", "reference_id": "USN-5333-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-1/" }, { "reference_url": "https://usn.ubuntu.com/5333-2/", "reference_id": "USN-5333-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23943" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g55m-t4s1-nfhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3835?format=api", "vulnerability_id": "VCID-gv84-vfvh-y7hu", "summary": "If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93636", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93638", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93643", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93616", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93625", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93627", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015", "reference_id": "2095015", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-30522.json", "reference_id": "CVE-2022-30522", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-30522.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30522" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3836?format=api", "vulnerability_id": "VCID-hm3f-m22n-u3gy", "summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66229", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66253", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6626", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6624", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018", "reference_id": "2095018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-30556.json", "reference_id": "CVE-2022-30556", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-30556.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-30556" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3832?format=api", "vulnerability_id": "VCID-na94-5565-dyfc", "summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.\n\nModules compiled and distributed separately from Apache HTTP Server that use the \"ap_rputs\" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69311", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69295", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6922", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6924", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69271", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002", "reference_id": "2095002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28614.json", "reference_id": "CVE-2022-28614", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28614.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-28614" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3837?format=api", "vulnerability_id": "VCID-p2a1-afnh-7qca", "summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.\nThis may be used to bypass IP based authentication on the origin server/application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11369", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11511", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13379", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13305", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020", "reference_id": "2095020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-31813.json", "reference_id": "CVE-2022-31813", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-31813.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-31813" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3826?format=api", "vulnerability_id": "VCID-pnc8-bb23-vqh1", "summary": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.52 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22719.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22719.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96593", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96591", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96578", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96581", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96589", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.29312", "scoring_system": "epss", "scoring_elements": "0.96573", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.29423", "scoring_system": "epss", "scoring_elements": "0.96602", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.29423", "scoring_system": "epss", "scoring_elements": "0.96599", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22719" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064322", "reference_id": "2064322", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064322" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-22719.json", "reference_id": "CVE-2022-22719", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-22719.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5333-1/", "reference_id": "USN-5333-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-1/" }, { "reference_url": "https://usn.ubuntu.com/5333-2/", "reference_id": "USN-5333-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22719" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pnc8-bb23-vqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3830?format=api", "vulnerability_id": "VCID-qm7e-n9ay-hufy", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97321", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97313", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.9732", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997", "reference_id": "2094997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-26377.json", "reference_id": "CVE-2022-26377", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-26377.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-26377" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3828?format=api", "vulnerability_id": "VCID-xfm9-e5nr-wyat", "summary": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.\n\nThis issue affects Apache HTTP Server 2.4.52 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22721.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22721.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94126", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94121", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94104", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13159", "scoring_system": "epss", "scoring_elements": "0.94093", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13224", "scoring_system": "epss", "scoring_elements": "0.94143", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22721" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064320", "reference_id": "2064320", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064320" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-22721.json", "reference_id": "CVE-2022-22721", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-22721.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5333-1/", "reference_id": "USN-5333-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-1/" }, { "reference_url": "https://usn.ubuntu.com/5333-2/", "reference_id": "USN-5333-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5333-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-22721" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xfm9-e5nr-wyat" } ], "fixing_vulnerabilities": [], "risk_score": "4.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.4.53-7%3Farch=el9" }