{"url":"http://public2.vulnerablecode.io/api/packages/1037481?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%2Bdeb9u1","type":"deb","namespace":"debian","name":"libapache2-mod-auth-mellon","version":"0.12.0-2+deb9u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.17.0-1+deb11u1","latest_non_vulnerable_version":"0.17.0-1+deb11u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79403?format=json","vulnerability_id":"VCID-bbdx-48p2-4fhw","summary":"security update","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0959","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2019:0959"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3878.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3878.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3878","reference_id":"","reference_type":"","scores":[{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83885","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.837","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83735","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83736","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83761","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83769","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83776","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83798","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83818","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83835","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83851","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84768","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84832","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84783","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84802","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84804","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84826","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878"},{"reference_url":"https://github.com/Uninett/mod_auth_mellon/pull/196","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Uninett/mod_auth_mellon/pull/196"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691126","reference_id":"1691126","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691126"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925197","reference_id":"925197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925197"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*","reference_id":"cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3878","reference_id":"CVE-2019-3878","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0746","reference_id":"RHSA-2019:0746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0766","reference_id":"RHSA-2019:0766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0985","reference_id":"RHSA-2019:0985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0985"},{"reference_url":"https://usn.ubuntu.com/3924-1/","reference_id":"USN-3924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3924-1/"},{"reference_url":"https://usn.ubuntu.com/4597-1/","reference_id":"USN-4597-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4597-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051608?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.14.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.14.2-1"}],"aliases":["CVE-2019-3878"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbdx-48p2-4fhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82466?format=json","vulnerability_id":"VCID-hb2c-3rxv-3kgk","summary":"mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13038.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13038","reference_id":"","reference_type":"","scores":[{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68937","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68796","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68775","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68823","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68829","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68836","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68814","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68857","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68892","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68883","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.68786","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69027","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69028","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69097","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.6912","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69076","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69009","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13038"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725740","reference_id":"1725740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1725740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931265","reference_id":"931265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1003","reference_id":"RHSA-2020:1003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1660","reference_id":"RHSA-2020:1660","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1660"},{"reference_url":"https://usn.ubuntu.com/4291-1/","reference_id":"USN-4291-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4291-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051609?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.17.0-1%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.17.0-1%252Bdeb11u1"}],"aliases":["CVE-2019-13038"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hb2c-3rxv-3kgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80125?format=json","vulnerability_id":"VCID-q6td-hjpx-uyba","summary":"mod_auth_mellon: Open Redirect vulnerability in logout URLs","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3639.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3639.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3639","reference_id":"","reference_type":"","scores":[{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41368","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4146","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41464","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41473","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41494","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41462","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41447","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4149","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41389","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.4128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41275","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41196","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41059","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41131","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41148","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41053","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41079","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00195","scoring_system":"epss","scoring_elements":"0.41155","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3639"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3639","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3639"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980648","reference_id":"1980648","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980648"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991730","reference_id":"991730","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1934","reference_id":"RHSA-2022:1934","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1934"},{"reference_url":"https://usn.ubuntu.com/5069-1/","reference_id":"USN-5069-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5069-1/"},{"reference_url":"https://usn.ubuntu.com/5069-2/","reference_id":"USN-5069-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5069-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051609?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.17.0-1%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.17.0-1%252Bdeb11u1"}],"aliases":["CVE-2021-3639"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6td-hjpx-uyba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79402?format=json","vulnerability_id":"VCID-tbkm-srgg-67g7","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3877.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3877","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74194","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74411","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74368","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74333","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74356","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74199","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74226","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74231","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74246","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74249","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74242","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74289","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74281","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74323","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74322","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74315","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74344","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3877","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878"},{"reference_url":"https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8"},{"reference_url":"https://github.com/Uninett/mod_auth_mellon/issues/35","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Uninett/mod_auth_mellon/issues/35"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691125","reference_id":"1691125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691125"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*","reference_id":"cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3877","reference_id":"CVE-2019-3877","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0766","reference_id":"RHSA-2019:0766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3421","reference_id":"RHSA-2019:3421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3421"},{"reference_url":"https://usn.ubuntu.com/3924-1/","reference_id":"USN-3924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3924-1/"},{"reference_url":"https://usn.ubuntu.com/4597-1/","reference_id":"USN-4597-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4597-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1051608?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.14.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.14.2-1"}],"aliases":["CVE-2019-3877"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbkm-srgg-67g7"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84522?format=json","vulnerability_id":"VCID-a7h3-ujsg-vqhu","summary":"mod_auth_mellon: Cross-site session transfer vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6807.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6807","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58278","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58364","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58384","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58358","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58434","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58413","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58394","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58426","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5843","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58408","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5837","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58381","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58366","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58332","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58374","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58433","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58387","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58416","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58485","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6807"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1431670","reference_id":"1431670","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1431670"},{"reference_url":"https://usn.ubuntu.com/4597-1/","reference_id":"USN-4597-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4597-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037481?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bbdx-48p2-4fhw"},{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"},{"vulnerability":"VCID-tbkm-srgg-67g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%252Bdeb9u1"}],"aliases":["CVE-2017-6807"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7h3-ujsg-vqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79403?format=json","vulnerability_id":"VCID-bbdx-48p2-4fhw","summary":"security update","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:0959","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2019:0959"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3878.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3878.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3878","reference_id":"","reference_type":"","scores":[{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83885","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.837","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83735","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83736","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83737","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83761","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83769","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83776","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83798","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83818","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83835","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02011","scoring_system":"epss","scoring_elements":"0.83851","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84768","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84832","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84783","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84802","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84804","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02334","scoring_system":"epss","scoring_elements":"0.84826","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878"},{"reference_url":"https://github.com/Uninett/mod_auth_mellon/pull/196","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Uninett/mod_auth_mellon/pull/196"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691126","reference_id":"1691126","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691126"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925197","reference_id":"925197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925197"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*","reference_id":"cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3878","reference_id":"CVE-2019-3878","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0746","reference_id":"RHSA-2019:0746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0766","reference_id":"RHSA-2019:0766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0985","reference_id":"RHSA-2019:0985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0985"},{"reference_url":"https://usn.ubuntu.com/3924-1/","reference_id":"USN-3924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3924-1/"},{"reference_url":"https://usn.ubuntu.com/4597-1/","reference_id":"USN-4597-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4597-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037481?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bbdx-48p2-4fhw"},{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"},{"vulnerability":"VCID-tbkm-srgg-67g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1051608?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.14.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.14.2-1"}],"aliases":["CVE-2019-3878"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbdx-48p2-4fhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85300?format=json","vulnerability_id":"VCID-bj59-cvh7-bkdg","summary":"mod_auth_mellon: Missing error check when calling ap_get_client_block()","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2145.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2145","reference_id":"","reference_type":"","scores":[{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74286","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.7423","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.7407","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74102","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74074","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74121","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74143","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74125","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74118","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74157","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74166","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74156","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74191","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.742","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74199","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74192","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.7422","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74244","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74206","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2145"},{"reference_url":"https://github.com/UNINETT/mod_auth_mellon/pull/71","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/UNINETT/mod_auth_mellon/pull/71"},{"reference_url":"https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315739","reference_id":"1315739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315739"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2145","reference_id":"CVE-2016-2145","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2145"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037481?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bbdx-48p2-4fhw"},{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"},{"vulnerability":"VCID-tbkm-srgg-67g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%252Bdeb9u1"}],"aliases":["CVE-2016-2145"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bj59-cvh7-bkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79402?format=json","vulnerability_id":"VCID-tbkm-srgg-67g7","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3877.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3877","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74194","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74411","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74368","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74333","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74356","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74199","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74226","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74231","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74246","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74249","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74242","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74289","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74281","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74323","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74322","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74315","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74344","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3877","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3878"},{"reference_url":"https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8"},{"reference_url":"https://github.com/Uninett/mod_auth_mellon/issues/35","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Uninett/mod_auth_mellon/issues/35"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNW5YMC5TLWVWNJEY6AIWNSNPRAMWPQJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X7NLAU7KROWNTHAYSA2S67X347F42L2I/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691125","reference_id":"1691125","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691125"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*","reference_id":"cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mod_auth_mellon_project:mod_auth_mellon:*:*:*:*:*:apache:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3877","reference_id":"CVE-2019-3877","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0766","reference_id":"RHSA-2019:0766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0766"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3421","reference_id":"RHSA-2019:3421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3421"},{"reference_url":"https://usn.ubuntu.com/3924-1/","reference_id":"USN-3924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3924-1/"},{"reference_url":"https://usn.ubuntu.com/4597-1/","reference_id":"USN-4597-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4597-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037481?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bbdx-48p2-4fhw"},{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"},{"vulnerability":"VCID-tbkm-srgg-67g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1051608?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.14.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.14.2-1"}],"aliases":["CVE-2019-3877"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbkm-srgg-67g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85301?format=json","vulnerability_id":"VCID-z18x-abc1-nyek","summary":"mod_auth_mellon: Failure to limit amount of POST data submitted by client","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179085.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2146.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2146","reference_id":"","reference_type":"","scores":[{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.71004","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.7095","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70746","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70761","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70779","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70755","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70799","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70815","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70838","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70822","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70806","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70852","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70858","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70836","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70889","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70899","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70879","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.7092","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70956","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.70922","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2146"},{"reference_url":"https://github.com/UNINETT/mod_auth_mellon/pull/71","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/UNINETT/mod_auth_mellon/pull/71"},{"reference_url":"https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"https://sympa.uninett.no/lists/uninett.no/arc/modmellon/2016-03/msg00000.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315747","reference_id":"1315747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315747"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2146","reference_id":"CVE-2016-2146","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037481?format=json","purl":"pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bbdx-48p2-4fhw"},{"vulnerability":"VCID-hb2c-3rxv-3kgk"},{"vulnerability":"VCID-q6td-hjpx-uyba"},{"vulnerability":"VCID-tbkm-srgg-67g7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%252Bdeb9u1"}],"aliases":["CVE-2016-2146"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z18x-abc1-nyek"}],"risk_score":"3.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-auth-mellon@0.12.0-2%252Bdeb9u1"}