{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","type":"deb","namespace":"debian","name":"apache2","version":"2.4.62-1~deb11u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.66-1~deb12u1","latest_non_vulnerable_version":"2.4.66-1~deb12u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3869?format=json","vulnerability_id":"VCID-2d8p-bbc1-hkfa","summary":"Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd=\"...\" directives.\n\nThis issue affects Apache HTTP Server before 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58098.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58098","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07443","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08736","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08772","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0875","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08669","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08745","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58098"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926","reference_id":"1121926","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419365","reference_id":"2419365","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419365"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-58098.json","reference_id":"CVE-2025-58098","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-58098.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23732","reference_id":"RHSA-2025:23732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23919","reference_id":"RHSA-2025:23919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23932","reference_id":"RHSA-2025:23932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0009","reference_id":"RHSA-2026:0009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0010","reference_id":"RHSA-2026:0010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0011","reference_id":"RHSA-2026:0011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0012","reference_id":"RHSA-2026:0012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0074","reference_id":"RHSA-2026:0074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0074"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0075","reference_id":"RHSA-2026:0075","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0090","reference_id":"RHSA-2026:0090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0095","reference_id":"RHSA-2026:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0139","reference_id":"RHSA-2026:0139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0141","reference_id":"RHSA-2026:0141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0171","reference_id":"RHSA-2026:0171","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0171"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2994","reference_id":"RHSA-2026:2994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2995","reference_id":"RHSA-2026:2995","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2995"},{"reference_url":"https://usn.ubuntu.com/7968-1/","reference_id":"USN-7968-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7968-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2025-58098"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2d8p-bbc1-hkfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3859?format=json","vulnerability_id":"VCID-3ay7-bwah-2yd1","summary":"HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response.\n\nThis vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42516.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-42516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42516","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5352","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.53546","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56554","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56587","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56597","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56573","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56532","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00337","scoring_system":"epss","scoring_elements":"0.56583","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374549","reference_id":"2374549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374549"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-42516.json","reference_id":"CVE-2024-42516","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-42516.json"},{"reference_url":"https://usn.ubuntu.com/7639-1/","reference_id":"USN-7639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-1/"},{"reference_url":"https://usn.ubuntu.com/7639-2/","reference_id":"USN-7639-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2024-42516"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ay7-bwah-2yd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3865?format=json","vulnerability_id":"VCID-9tez-97xg-z3bs","summary":"In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade.\n\nOnly configurations using \"SSLEngine optional\" to enable TLS upgrades are affected. Users are recommended to upgrade to version 2.4.64, which removes support for TLS upgrade.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49812.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49812","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32747","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.3281","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32811","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32773","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32735","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32783","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374580","reference_id":"2374580","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374580"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-49812.json","reference_id":"CVE-2025-49812","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-49812.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13680","reference_id":"RHSA-2025:13680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13681","reference_id":"RHSA-2025:13681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14901","reference_id":"RHSA-2025:14901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14902","reference_id":"RHSA-2025:14902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14903","reference_id":"RHSA-2025:14903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14997","reference_id":"RHSA-2025:14997","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14998","reference_id":"RHSA-2025:14998","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15023","reference_id":"RHSA-2025:15023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15036","reference_id":"RHSA-2025:15036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15095","reference_id":"RHSA-2025:15095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15123","reference_id":"RHSA-2025:15123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15516","reference_id":"RHSA-2025:15516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15619","reference_id":"RHSA-2025:15619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15684","reference_id":"RHSA-2025:15684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15698","reference_id":"RHSA-2025:15698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15698"},{"reference_url":"https://usn.ubuntu.com/7639-1/","reference_id":"USN-7639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-1/"},{"reference_url":"https://usn.ubuntu.com/7639-2/","reference_id":"USN-7639-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2025-49812"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tez-97xg-z3bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3861?format=json","vulnerability_id":"VCID-b9ks-detx-nkdw","summary":"Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via \nmod_rewrite or apache expressions that pass unvalidated request input.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.\n\nNote:  The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. \n\nThe server offers limited protection against administrators directing the server to open UNC paths.\nWindows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43394.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43394.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43394","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1559","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15658","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1616","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16137","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16098","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16096","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379332","reference_id":"2379332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379332"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-43394.json","reference_id":"CVE-2024-43394","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-43394.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2024-43394"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9ks-detx-nkdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3871?format=json","vulnerability_id":"VCID-fsh3-7b9j-dfgf","summary":"Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs.\n\nThis issue affects Apache HTTP Server from 2.4.0 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66 which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65082.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65082","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3643","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37416","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37463","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37477","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37443","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37399","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37451","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65082"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926","reference_id":"1121926","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419139","reference_id":"2419139","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419139"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-65082.json","reference_id":"CVE-2025-65082","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-65082.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23732","reference_id":"RHSA-2025:23732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23919","reference_id":"RHSA-2025:23919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23932","reference_id":"RHSA-2025:23932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2994","reference_id":"RHSA-2026:2994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2995","reference_id":"RHSA-2026:2995","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2995"},{"reference_url":"https://usn.ubuntu.com/7968-1/","reference_id":"USN-7968-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7968-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2025-65082"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsh3-7b9j-dfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3866?format=json","vulnerability_id":"VCID-ha7f-21gy-3qa2","summary":"Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63.\n\nUsers are recommended to upgrade to version 2.4.64, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53020.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-53020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53020","reference_id":"","reference_type":"","scores":[{"value":"0.00918","scoring_system":"epss","scoring_elements":"0.75875","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00918","scoring_system":"epss","scoring_elements":"0.75907","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01211","scoring_system":"epss","scoring_elements":"0.78995","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01211","scoring_system":"epss","scoring_elements":"0.78997","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01211","scoring_system":"epss","scoring_elements":"0.79021","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01211","scoring_system":"epss","scoring_elements":"0.79006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01211","scoring_system":"epss","scoring_elements":"0.78966","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01211","scoring_system":"epss","scoring_elements":"0.7899","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-53020"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379343","reference_id":"2379343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379343"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-53020.json","reference_id":"CVE-2025-53020","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-53020.json"},{"reference_url":"https://usn.ubuntu.com/7639-1/","reference_id":"USN-7639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-1/"},{"reference_url":"https://usn.ubuntu.com/7639-2/","reference_id":"USN-7639-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2025-53020"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ha7f-21gy-3qa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3863?format=json","vulnerability_id":"VCID-r471-g9xs-sbga","summary":"In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.\n\nConfigurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23048.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23048","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09386","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09416","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.094","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09071","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09124","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09292","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09368","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23048"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374576","reference_id":"2374576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374576"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-23048.json","reference_id":"CVE-2025-23048","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-23048.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13680","reference_id":"RHSA-2025:13680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13681","reference_id":"RHSA-2025:13681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14901","reference_id":"RHSA-2025:14901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14902","reference_id":"RHSA-2025:14902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14903","reference_id":"RHSA-2025:14903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15023","reference_id":"RHSA-2025:15023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15095","reference_id":"RHSA-2025:15095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15123","reference_id":"RHSA-2025:15123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15516","reference_id":"RHSA-2025:15516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15619","reference_id":"RHSA-2025:15619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15684","reference_id":"RHSA-2025:15684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15698","reference_id":"RHSA-2025:15698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15698"},{"reference_url":"https://usn.ubuntu.com/7639-1/","reference_id":"USN-7639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-1/"},{"reference_url":"https://usn.ubuntu.com/7639-2/","reference_id":"USN-7639-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2025-23048"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r471-g9xs-sbga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3868?format=json","vulnerability_id":"VCID-td8g-tmny-jyaa","summary":"An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds.\n\nThis issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.\n\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55753.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55753","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22106","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22156","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28298","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28396","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28399","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28352","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55753"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926","reference_id":"1121926","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419140","reference_id":"2419140","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419140"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-55753.json","reference_id":"CVE-2025-55753","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-55753.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23732","reference_id":"RHSA-2025:23732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23738","reference_id":"RHSA-2025:23738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23739","reference_id":"RHSA-2025:23739","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0009","reference_id":"RHSA-2026:0009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0010","reference_id":"RHSA-2026:0010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0011","reference_id":"RHSA-2026:0011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0012","reference_id":"RHSA-2026:0012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0029","reference_id":"RHSA-2026:0029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0030","reference_id":"RHSA-2026:0030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0092","reference_id":"RHSA-2026:0092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0093","reference_id":"RHSA-2026:0093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0094","reference_id":"RHSA-2026:0094","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0094"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2994","reference_id":"RHSA-2026:2994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2995","reference_id":"RHSA-2026:2995","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2995"},{"reference_url":"https://usn.ubuntu.com/7968-1/","reference_id":"USN-7968-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7968-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2025-55753"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-td8g-tmny-jyaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3872?format=json","vulnerability_id":"VCID-varh-ysfr-euc8","summary":"mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid.\n\nThis issue affects Apache HTTP Server: from 2.4.7 through 2.4.65.\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66200.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66200","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17472","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17519","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21507","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21591","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21602","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21564","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21456","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21532","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66200"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926","reference_id":"1121926","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121926"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419262","reference_id":"2419262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419262"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-66200.json","reference_id":"CVE-2025-66200","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-66200.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23732","reference_id":"RHSA-2025:23732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23919","reference_id":"RHSA-2025:23919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23932","reference_id":"RHSA-2025:23932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2994","reference_id":"RHSA-2026:2994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2995","reference_id":"RHSA-2026:2995","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2995"},{"reference_url":"https://usn.ubuntu.com/7968-1/","reference_id":"USN-7968-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7968-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2025-66200"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-varh-ysfr-euc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3860?format=json","vulnerability_id":"VCID-ww49-y35r-ykdd","summary":"SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.  Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.\n\nUsers are recommended to upgrade to version 2.4.64 which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43204.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43204","reference_id":"","reference_type":"","scores":[{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45583","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45605","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46255","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.4625","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46245","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46248","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43204"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374553","reference_id":"2374553","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374553"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-43204.json","reference_id":"CVE-2024-43204","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-43204.json"},{"reference_url":"https://usn.ubuntu.com/7639-1/","reference_id":"USN-7639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-1/"},{"reference_url":"https://usn.ubuntu.com/7639-2/","reference_id":"USN-7639-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2024-43204"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww49-y35r-ykdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3864?format=json","vulnerability_id":"VCID-zxet-n94k-57ge","summary":"In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2.\n\nConfigurations affected are a reverse proxy is configured for an HTTP/2 backend, with ProxyPreserveHost set to \"on\".","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49630.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49630.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49630","reference_id":"","reference_type":"","scores":[{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77462","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77459","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77465","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77413","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77439","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.7745","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49630"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374578","reference_id":"2374578","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374578"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-49630.json","reference_id":"CVE-2025-49630","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-49630.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13680","reference_id":"RHSA-2025:13680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13681","reference_id":"RHSA-2025:13681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14625","reference_id":"RHSA-2025:14625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14983","reference_id":"RHSA-2025:14983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15123","reference_id":"RHSA-2025:15123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15516","reference_id":"RHSA-2025:15516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15619","reference_id":"RHSA-2025:15619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15684","reference_id":"RHSA-2025:15684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15698","reference_id":"RHSA-2025:15698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15725","reference_id":"RHSA-2025:15725","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15725"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15726","reference_id":"RHSA-2025:15726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15727","reference_id":"RHSA-2025:15727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15727"},{"reference_url":"https://usn.ubuntu.com/7639-1/","reference_id":"USN-7639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-1/"},{"reference_url":"https://usn.ubuntu.com/7639-2/","reference_id":"USN-7639-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2025-49630"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxet-n94k-57ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3862?format=json","vulnerability_id":"VCID-zyyh-n42k-8bhr","summary":"Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations.\n\nIn a logging configuration where CustomLog is used with \"%{varname}x\" or \"%{varname}c\" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47252.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47252.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47252","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37371","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39845","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39886","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39895","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39861","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39817","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39872","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47252"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374571","reference_id":"2374571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374571"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-47252.json","reference_id":"CVE-2024-47252","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-47252.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13680","reference_id":"RHSA-2025:13680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13681","reference_id":"RHSA-2025:13681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13681"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14901","reference_id":"RHSA-2025:14901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14902","reference_id":"RHSA-2025:14902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14903","reference_id":"RHSA-2025:14903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14997","reference_id":"RHSA-2025:14997","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:14997"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15023","reference_id":"RHSA-2025:15023","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15095","reference_id":"RHSA-2025:15095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15123","reference_id":"RHSA-2025:15123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15516","reference_id":"RHSA-2025:15516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15619","reference_id":"RHSA-2025:15619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15684","reference_id":"RHSA-2025:15684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15698","reference_id":"RHSA-2025:15698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:15698"},{"reference_url":"https://usn.ubuntu.com/7639-1/","reference_id":"USN-7639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-1/"},{"reference_url":"https://usn.ubuntu.com/7639-2/","reference_id":"USN-7639-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7639-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052592?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1"}],"aliases":["CVE-2024-47252"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyh-n42k-8bhr"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3813?format=json","vulnerability_id":"VCID-17hy-4ppt-xyhw","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26691","reference_id":"","reference_type":"","scores":[{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97347","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97343","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966732","reference_id":"1966732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966732"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-26691.json","reference_id":"CVE-2021-26691","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-26691.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3816","reference_id":"RHSA-2021:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-26691"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3847?format=json","vulnerability_id":"VCID-2e6w-fs4j-17g9","summary":"HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27316","reference_id":"","reference_type":"","scores":[{"value":"0.89409","scoring_system":"epss","scoring_elements":"0.99546","published_at":"2026-04-13T12:55:00Z"},{"value":"0.89409","scoring_system":"epss","scoring_elements":"0.99542","published_at":"2026-04-02T12:55:00Z"},{"value":"0.89409","scoring_system":"epss","scoring_elements":"0.99543","published_at":"2026-04-04T12:55:00Z"},{"value":"0.89409","scoring_system":"epss","scoring_elements":"0.99545","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412","reference_id":"1068412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/04/03/16","reference_id":"16","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/04/03/16"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jul/18","reference_id":"18","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jul/18"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2268277","reference_id":"2268277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2268277"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/04/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/04/4"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-27316.json","reference_id":"CVE-2024-27316","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-27316.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://support.apple.com/kb/HT214119","reference_id":"HT214119","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-29T15:46:29Z/"}],"url":"https://support.apple.com/kb/HT214119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1786","reference_id":"RHSA-2024:1786","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1872","reference_id":"RHSA-2024:1872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2564","reference_id":"RHSA-2024:2564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2693","reference_id":"RHSA-2024:2693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2694","reference_id":"RHSA-2024:2694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2891","reference_id":"RHSA-2024:2891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2907","reference_id":"RHSA-2024:2907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3402","reference_id":"RHSA-2024:3402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3417","reference_id":"RHSA-2024:3417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4390","reference_id":"RHSA-2024:4390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4390"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16668","reference_id":"RHSA-2025:16668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16668"},{"reference_url":"https://usn.ubuntu.com/6729-1/","reference_id":"USN-6729-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-1/"},{"reference_url":"https://usn.ubuntu.com/6729-2/","reference_id":"USN-6729-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-2/"},{"reference_url":"https://usn.ubuntu.com/6729-3/","reference_id":"USN-6729-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-27316"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2e6w-fs4j-17g9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3799?format=json","vulnerability_id":"VCID-3djp-gq4c-1fa9","summary":"A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. We have taken this opportunity to also remove request data from many other in-built error messages. Note however this issue did not affect them directly and their output was already escaped to prevent cross-site scripting attacks.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10092","reference_id":"","reference_type":"","scores":[{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99216","published_at":"2026-04-01T12:55:00Z"},{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99221","published_at":"2026-04-04T12:55:00Z"},{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99225","published_at":"2026-04-13T12:55:00Z"},{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99224","published_at":"2026-04-07T12:55:00Z"},{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99218","published_at":"2026-04-02T12:55:00Z"},{"value":"0.82379","scoring_system":"epss","scoring_elements":"0.99226","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/47","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Aug/47"},{"reference_url":"https://seclists.org/bugtraq/2019/Oct/24","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Oct/24"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190905-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190905-0003/"},{"reference_url":"https://support.f5.com/csp/article/K30442259","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K30442259"},{"reference_url":"https://www.debian.org/security/2019/dsa-4509","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4509"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/08/15/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/08/15/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/08/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/08/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/08/08/9","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/08/08/9"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743956","reference_id":"1743956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743956"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/","reference_id":"CVE-2019-10092","reference_type":"exploit","scores":[],"url":"https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md","reference_id":"CVE-2019-10092","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-10092.json","reference_id":"CVE-2019-10092","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-10092.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10092","reference_id":"CVE-2019-10092","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10092"},{"reference_url":"https://security.gentoo.org/glsa/201909-04","reference_id":"GLSA-201909-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1336","reference_id":"RHSA-2020:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1337","reference_id":"RHSA-2020:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036941?format=json","purl":"pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-7vjg-vetg-p7f6"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-qc9j-x576-ayc1"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-twj7-4qwm-2khv"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-wshe-gf99-tbg6"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2019-10092"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3djp-gq4c-1fa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3841?format=json","vulnerability_id":"VCID-4c3m-m6ku-kbhq","summary":"HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\n\nSpecial characters in the origin response header can truncate/split the response forwarded to the client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27522","reference_id":"","reference_type":"","scores":[{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.7369","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73675","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73699","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73696","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73683","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73651","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73647","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d"},{"reference_url":"https://github.com/unbit/uwsgi","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/unbit/uwsgi"},{"reference_url":"https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822"},{"reference_url":"https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/"}],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html"},{"reference_url":"https://security.gentoo.org/glsa/202309-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/"}],"url":"https://security.gentoo.org/glsa/202309-01"},{"reference_url":"https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476","reference_id":"1032476","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176211","reference_id":"2176211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176211"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2023-27522.json","reference_id":"CVE-2023-27522","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2023-27522.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27522","reference_id":"CVE-2023-27522","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27522"},{"reference_url":"https://github.com/advisories/GHSA-vcph-37mh-fqrh","reference_id":"GHSA-vcph-37mh-fqrh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcph-37mh-fqrh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5049","reference_id":"RHSA-2023:5049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5050","reference_id":"RHSA-2023:5050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6403","reference_id":"RHSA-2023:6403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4504","reference_id":"RHSA-2024:4504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4504"},{"reference_url":"https://usn.ubuntu.com/5942-1/","reference_id":"USN-5942-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5942-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2023-27522","GHSA-vcph-37mh-fqrh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4c3m-m6ku-kbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3833?format=json","vulnerability_id":"VCID-4d3t-es7p-9qhn","summary":"Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.  While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28615","reference_id":"","reference_type":"","scores":[{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78114","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78131","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78101","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78171","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78146","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.7814","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28615"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095006","reference_id":"2095006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095006"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/","reference_id":"7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/06/08/9","reference_id":"9","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/06/08/9"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-28615.json","reference_id":"CVE-2022-28615","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-28615.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220624-0005/","reference_id":"ntap-20220624-0005","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220624-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/","reference_id":"YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-28615"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3803?format=json","vulnerability_id":"VCID-5xrt-1n1q-4bey","summary":"In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1927","reference_id":"","reference_type":"","scores":[{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93495","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93511","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93519","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93528","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11302","scoring_system":"epss","scoring_elements":"0.93504","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200413-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200413-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4757","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4757"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/03/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/03/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/04/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/04/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820761","reference_id":"1820761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820761"},{"reference_url":"https://security.archlinux.org/ASA-202004-14","reference_id":"ASA-202004-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-14"},{"reference_url":"https://security.archlinux.org/AVG-1126","reference_id":"AVG-1126","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1126"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-1927.json","reference_id":"CVE-2020-1927","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-1927.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1927","reference_id":"CVE-2020-1927","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1336","reference_id":"RHSA-2020:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1337","reference_id":"RHSA-2020:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2263","reference_id":"RHSA-2020:2263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2020-1927"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3811?format=json","vulnerability_id":"VCID-66k7-maf9-dfcd","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35452","reference_id":"","reference_type":"","scores":[{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93319","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93315","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.9332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93318","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93297","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93311","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966724","reference_id":"1966724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966724"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-35452.json","reference_id":"CVE-2020-35452","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-35452.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2020-35452"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3815?format=json","vulnerability_id":"VCID-6b7y-562y-suce","summary":"Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected  mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31618","reference_id":"","reference_type":"","scores":[{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.934","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93416","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93392","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93408","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93425","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93419","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968013","reference_id":"1968013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968013"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/13/2","reference_id":"2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/13/2"},{"reference_url":"https://seclists.org/oss-sec/2021/q2/206","reference_id":"206","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://seclists.org/oss-sec/2021/q2/206"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/","reference_id":"2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/06/10/9","reference_id":"9","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/06/10/9"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562","reference_id":"989562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/","reference_id":"A73QJ4HPUMU26I6EULG6SCK67TUEXZYR","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/"},{"reference_url":"https://security.archlinux.org/ASA-202106-23","reference_id":"ASA-202106-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-23"},{"reference_url":"https://security.archlinux.org/AVG-2041","reference_id":"AVG-2041","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2041"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-31618.json","reference_id":"CVE-2021-31618","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-31618.json"},{"reference_url":"https://www.debian.org/security/2021/dsa-4937","reference_id":"dsa-4937","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://www.debian.org/security/2021/dsa-4937"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210727-0008/","reference_id":"ntap-20210727-0008","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210727-0008/"},{"reference_url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E","reference_id":"r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E","reference_id":"r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-31618"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3838?format=json","vulnerability_id":"VCID-6qk8-1cj1-4fh7","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.  This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36760","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52508","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52528","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52573","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52558","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52481","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161777","reference_id":"2161777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161777"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-36760.json","reference_id":"CVE-2022-36760","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2022-36760.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://usn.ubuntu.com/5834-1/","reference_id":"USN-5834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5834-1/"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-36760"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3855?format=json","vulnerability_id":"VCID-6tgh-b4td-63f5","summary":"Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39573.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39573","reference_id":"","reference_type":"","scores":[{"value":"0.0316","scoring_system":"epss","scoring_elements":"0.86917","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0316","scoring_system":"epss","scoring_elements":"0.86886","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0316","scoring_system":"epss","scoring_elements":"0.86906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0316","scoring_system":"epss","scoring_elements":"0.86914","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0316","scoring_system":"epss","scoring_elements":"0.86927","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0316","scoring_system":"epss","scoring_elements":"0.86923","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0316","scoring_system":"epss","scoring_elements":"0.86873","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0316","scoring_system":"epss","scoring_elements":"0.86891","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295022","reference_id":"2295022","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295022"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-39573.json","reference_id":"CVE-2024-39573","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-39573.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0001/","reference_id":"ntap-20240712-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-01T20:41:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4720","reference_id":"RHSA-2024:4720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4726","reference_id":"RHSA-2024:4726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5001","reference_id":"RHSA-2024:5001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5239","reference_id":"RHSA-2024:5239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5240","reference_id":"RHSA-2024:5240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5240"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-39573"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tgh-b4td-63f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3800?format=json","vulnerability_id":"VCID-7vfk-1dwm-xbbt","summary":"When mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10097.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10097.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10097","reference_id":"","reference_type":"","scores":[{"value":"0.22907","scoring_system":"epss","scoring_elements":"0.95861","published_at":"2026-04-01T12:55:00Z"},{"value":"0.22907","scoring_system":"epss","scoring_elements":"0.95896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.22907","scoring_system":"epss","scoring_elements":"0.95881","published_at":"2026-04-07T12:55:00Z"},{"value":"0.22907","scoring_system":"epss","scoring_elements":"0.95889","published_at":"2026-04-08T12:55:00Z"},{"value":"0.22907","scoring_system":"epss","scoring_elements":"0.95892","published_at":"2026-04-09T12:55:00Z"},{"value":"0.22907","scoring_system":"epss","scoring_elements":"0.95895","published_at":"2026-04-12T12:55:00Z"},{"value":"0.22907","scoring_system":"epss","scoring_elements":"0.95869","published_at":"2026-04-02T12:55:00Z"},{"value":"0.22907","scoring_system":"epss","scoring_elements":"0.95877","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10097"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743996","reference_id":"1743996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743996"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-10097.json","reference_id":"CVE-2019-10097","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-10097.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10097","reference_id":"CVE-2019-10097","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10097"},{"reference_url":"https://security.gentoo.org/glsa/201909-04","reference_id":"GLSA-201909-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1336","reference_id":"RHSA-2020:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1337","reference_id":"RHSA-2020:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2019-10097"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vfk-1dwm-xbbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3852?format=json","vulnerability_id":"VCID-8edq-8rvq-rkf1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38475","reference_id":"","reference_type":"","scores":[{"value":"0.93858","scoring_system":"epss","scoring_elements":"0.99869","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93858","scoring_system":"epss","scoring_elements":"0.99867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.93858","scoring_system":"epss","scoring_elements":"0.99868","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295014","reference_id":"2295014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295014"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-38475.json","reference_id":"CVE-2024-38475","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-38475.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0001/","reference_id":"ntap-20240712-0001","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-05-02T03:55:18Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4719","reference_id":"RHSA-2024:4719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4720","reference_id":"RHSA-2024:4720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4726","reference_id":"RHSA-2024:4726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4820","reference_id":"RHSA-2024:4820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4827","reference_id":"RHSA-2024:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4830","reference_id":"RHSA-2024:4830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4862","reference_id":"RHSA-2024:4862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4863","reference_id":"RHSA-2024:4863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4938","reference_id":"RHSA-2024:4938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4943","reference_id":"RHSA-2024:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5239","reference_id":"RHSA-2024:5239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5240","reference_id":"RHSA-2024:5240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5240"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"},{"reference_url":"https://usn.ubuntu.com/6885-3/","reference_id":"USN-6885-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-3/"},{"reference_url":"https://usn.ubuntu.com/6885-5/","reference_id":"USN-6885-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-5/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-38475"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8edq-8rvq-rkf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3853?format=json","vulnerability_id":"VCID-8nw9-zpxn-ckab","summary":"Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38476","reference_id":"","reference_type":"","scores":[{"value":"0.03452","scoring_system":"epss","scoring_elements":"0.87515","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03452","scoring_system":"epss","scoring_elements":"0.87486","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03452","scoring_system":"epss","scoring_elements":"0.87505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03452","scoring_system":"epss","scoring_elements":"0.87512","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03452","scoring_system":"epss","scoring_elements":"0.87523","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03452","scoring_system":"epss","scoring_elements":"0.87519","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03545","scoring_system":"epss","scoring_elements":"0.87649","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03545","scoring_system":"epss","scoring_elements":"0.87636","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295015","reference_id":"2295015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295015"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-38476.json","reference_id":"CVE-2024-38476","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-38476.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0001/","reference_id":"ntap-20240712-0001","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-29T03:55:12Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5138","reference_id":"RHSA-2024:5138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5193","reference_id":"RHSA-2024:5193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5239","reference_id":"RHSA-2024:5239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5240","reference_id":"RHSA-2024:5240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5812","reference_id":"RHSA-2024:5812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5832","reference_id":"RHSA-2024:5832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6136","reference_id":"RHSA-2024:6136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6467","reference_id":"RHSA-2024:6467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6468","reference_id":"RHSA-2024:6468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6583","reference_id":"RHSA-2024:6583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6584","reference_id":"RHSA-2024:6584","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6584"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7101","reference_id":"RHSA-2024:7101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:7101"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"},{"reference_url":"https://usn.ubuntu.com/6885-3/","reference_id":"USN-6885-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-38476"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nw9-zpxn-ckab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3817?format=json","vulnerability_id":"VCID-9u53-b79b-cfgd","summary":"Malformed requests may cause the server to dereference a NULL pointer.\n\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34798","reference_id":"","reference_type":"","scores":[{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93172","published_at":"2026-04-11T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93169","published_at":"2026-04-12T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93162","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005128","reference_id":"2005128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005128"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-34798.json","reference_id":"CVE-2021-34798","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-34798.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0891","reference_id":"RHSA-2022:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-34798"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3810?format=json","vulnerability_id":"VCID-9ych-ybpr-j3h6","summary":"Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13950","reference_id":"","reference_type":"","scores":[{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95718","published_at":"2026-04-13T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95714","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95693","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.9571","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966738","reference_id":"1966738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966738"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-13950.json","reference_id":"CVE-2020-13950","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-13950.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5163","reference_id":"RHSA-2022:5163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5163"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2020-13950"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3798?format=json","vulnerability_id":"VCID-a9rw-3s1y-hqd7","summary":"Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10082","reference_id":"","reference_type":"","scores":[{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.97695","published_at":"2026-04-01T12:55:00Z"},{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.97717","published_at":"2026-04-13T12:55:00Z"},{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.97707","published_at":"2026-04-08T12:55:00Z"},{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.9771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.97713","published_at":"2026-04-11T12:55:00Z"},{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.97716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.97701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.97703","published_at":"2026-04-04T12:55:00Z"},{"value":"0.47892","scoring_system":"epss","scoring_elements":"0.97702","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743974","reference_id":"1743974","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743974"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-10082.json","reference_id":"CVE-2019-10082","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-10082.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10082","reference_id":"CVE-2019-10082","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10082"},{"reference_url":"https://security.gentoo.org/glsa/201909-04","reference_id":"GLSA-201909-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1336","reference_id":"RHSA-2020:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1337","reference_id":"RHSA-2020:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036941?format=json","purl":"pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-7vjg-vetg-p7f6"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-qc9j-x576-ayc1"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-twj7-4qwm-2khv"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-wshe-gf99-tbg6"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2019-10082"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9rw-3s1y-hqd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3804?format=json","vulnerability_id":"VCID-auhk-ppv5-buaa","summary":"in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1934","reference_id":"","reference_type":"","scores":[{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97221","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97233","published_at":"2026-04-07T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97243","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97247","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97227","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38657","scoring_system":"epss","scoring_elements":"0.97232","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200413-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200413-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4757","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4757"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820772","reference_id":"1820772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820772"},{"reference_url":"https://security.archlinux.org/ASA-202004-14","reference_id":"ASA-202004-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-14"},{"reference_url":"https://security.archlinux.org/AVG-1126","reference_id":"AVG-1126","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1126"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-1934.json","reference_id":"CVE-2020-1934","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-1934.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1934","reference_id":"CVE-2020-1934","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1934"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2020-1934"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3842?format=json","vulnerability_id":"VCID-b68y-4prb-bfdk","summary":"Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31122","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.6251","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62559","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62543","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62508","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.6256","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62575","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62593","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62582","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245332","reference_id":"2245332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245332"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2023-31122.json","reference_id":"CVE-2023-31122","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2023-31122.json"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231027-0011/","reference_id":"ntap-20231027-0011","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231027-0011/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1316","reference_id":"RHSA-2024:1316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1317","reference_id":"RHSA-2024:1317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2278","reference_id":"RHSA-2024:2278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3121","reference_id":"RHSA-2024:3121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3121"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/","reference_id":"TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/"},{"reference_url":"https://usn.ubuntu.com/6506-1/","reference_id":"USN-6506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6506-1/"},{"reference_url":"https://usn.ubuntu.com/6510-1/","reference_id":"USN-6510-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6510-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/","reference_id":"VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/","reference_id":"ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T20:23:50Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2023-31122"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b68y-4prb-bfdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3846?format=json","vulnerability_id":"VCID-bau7-pme5-ckbt","summary":"HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.\n\nUsers are recommended to upgrade to version 2.4.59, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24795","reference_id":"","reference_type":"","scores":[{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78267","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78264","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78289","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78271","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78219","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78249","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78231","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01123","scoring_system":"epss","scoring_elements":"0.78258","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412","reference_id":"1068412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2273499","reference_id":"2273499","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2273499"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-24795.json","reference_id":"CVE-2024-24795","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-24795.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9306","reference_id":"RHSA-2024:9306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3452","reference_id":"RHSA-2025:3452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3453","reference_id":"RHSA-2025:3453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3453"},{"reference_url":"https://usn.ubuntu.com/6729-1/","reference_id":"USN-6729-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-1/"},{"reference_url":"https://usn.ubuntu.com/6729-2/","reference_id":"USN-6729-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-2/"},{"reference_url":"https://usn.ubuntu.com/6729-3/","reference_id":"USN-6729-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-24795"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bau7-pme5-ckbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3812?format=json","vulnerability_id":"VCID-bvkg-nrwd-e7g8","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26690","reference_id":"","reference_type":"","scores":[{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98675","published_at":"2026-04-02T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98687","published_at":"2026-04-13T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98685","published_at":"2026-04-12T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98681","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966729","reference_id":"1966729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966729"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-26690.json","reference_id":"CVE-2021-26690","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-26690.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4257","reference_id":"RHSA-2021:4257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-26690"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3824?format=json","vulnerability_id":"VCID-cqjv-6m9n-mfeq","summary":"A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).\n\nThis issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44224","reference_id":"","reference_type":"","scores":[{"value":"0.1096","scoring_system":"epss","scoring_elements":"0.93382","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1096","scoring_system":"epss","scoring_elements":"0.93414","published_at":"2026-04-12T12:55:00Z"},{"value":"0.1096","scoring_system":"epss","scoring_elements":"0.93409","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1096","scoring_system":"epss","scoring_elements":"0.93415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1096","scoring_system":"epss","scoring_elements":"0.9339","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1096","scoring_system":"epss","scoring_elements":"0.93398","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1096","scoring_system":"epss","scoring_elements":"0.93406","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034672","reference_id":"2034672","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034672"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-44224.json","reference_id":"CVE-2021-44224","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-44224.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5212-1/","reference_id":"USN-5212-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5212-1/"},{"reference_url":"https://usn.ubuntu.com/5212-2/","reference_id":"USN-5212-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5212-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-44224"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqjv-6m9n-mfeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3834?format=json","vulnerability_id":"VCID-d36c-rrxh-ybgv","summary":"In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29404","reference_id":"","reference_type":"","scores":[{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84797","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84788","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84806","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84738","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84757","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0232","scoring_system":"epss","scoring_elements":"0.84781","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095012","reference_id":"2095012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095012"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-29404.json","reference_id":"CVE-2022-29404","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-29404.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-29404"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3816?format=json","vulnerability_id":"VCID-db6k-j9mj-e7hy","summary":"A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.\n\nThis issue affects Apache HTTP Server 2.4.17 to 2.4.48.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33193","reference_id":"","reference_type":"","scores":[{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72839","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.729","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72892","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72917","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72846","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72866","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72841","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966728","reference_id":"1966728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966728"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-33193.json","reference_id":"CVE-2021-33193","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-33193.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-33193"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3840?format=json","vulnerability_id":"VCID-edvy-cern-6kcu","summary":"Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25690","reference_id":"","reference_type":"","scores":[{"value":"0.68183","scoring_system":"epss","scoring_elements":"0.98587","published_at":"2026-04-02T12:55:00Z"},{"value":"0.68183","scoring_system":"epss","scoring_elements":"0.98591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.68183","scoring_system":"epss","scoring_elements":"0.98592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.68183","scoring_system":"epss","scoring_elements":"0.98595","published_at":"2026-04-08T12:55:00Z"},{"value":"0.68183","scoring_system":"epss","scoring_elements":"0.98596","published_at":"2026-04-09T12:55:00Z"},{"value":"0.68183","scoring_system":"epss","scoring_elements":"0.98598","published_at":"2026-04-11T12:55:00Z"},{"value":"0.68183","scoring_system":"epss","scoring_elements":"0.98599","published_at":"2026-04-12T12:55:00Z"},{"value":"0.68183","scoring_system":"epss","scoring_elements":"0.986","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476","reference_id":"1032476","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176209","reference_id":"2176209","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176209"},{"reference_url":"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html","reference_id":"Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-18T15:37:02Z/"}],"url":"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2023-25690.json","reference_id":"CVE-2023-25690","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2023-25690.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1547","reference_id":"RHSA-2023:1547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1593","reference_id":"RHSA-2023:1593","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1596","reference_id":"RHSA-2023:1596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1597","reference_id":"RHSA-2023:1597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1670","reference_id":"RHSA-2023:1670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1672","reference_id":"RHSA-2023:1672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1673","reference_id":"RHSA-2023:1673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1916","reference_id":"RHSA-2023:1916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3292","reference_id":"RHSA-2023:3292","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3292"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://usn.ubuntu.com/5942-1/","reference_id":"USN-5942-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5942-1/"},{"reference_url":"https://usn.ubuntu.com/5942-2/","reference_id":"USN-5942-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5942-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2023-25690"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-edvy-cern-6kcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3805?format=json","vulnerability_id":"VCID-eesz-v6ae-gya3","summary":"In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via \"H2Push off\" will mitigate this vulnerability for unpatched servers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9490","reference_id":"","reference_type":"","scores":[{"value":"0.76276","scoring_system":"epss","scoring_elements":"0.98919","published_at":"2026-04-01T12:55:00Z"},{"value":"0.76276","scoring_system":"epss","scoring_elements":"0.98929","published_at":"2026-04-13T12:55:00Z"},{"value":"0.76276","scoring_system":"epss","scoring_elements":"0.98926","published_at":"2026-04-09T12:55:00Z"},{"value":"0.76276","scoring_system":"epss","scoring_elements":"0.98928","published_at":"2026-04-11T12:55:00Z"},{"value":"0.76276","scoring_system":"epss","scoring_elements":"0.9892","published_at":"2026-04-02T12:55:00Z"},{"value":"0.76276","scoring_system":"epss","scoring_elements":"0.98922","published_at":"2026-04-04T12:55:00Z"},{"value":"0.76276","scoring_system":"epss","scoring_elements":"0.98925","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866560","reference_id":"1866560","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866560"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-9490.json","reference_id":"CVE-2020-9490","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-9490.json"},{"reference_url":"https://security.gentoo.org/glsa/202008-04","reference_id":"GLSA-202008-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3714","reference_id":"RHSA-2020:3714","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3714"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3726","reference_id":"RHSA-2020:3726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3733","reference_id":"RHSA-2020:3733","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3733"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3734","reference_id":"RHSA-2020:3734","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3734"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2020-9490"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eesz-v6ae-gya3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3851?format=json","vulnerability_id":"VCID-ej7y-7na3-5qby","summary":"Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38474.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38474","reference_id":"","reference_type":"","scores":[{"value":"0.00744","scoring_system":"epss","scoring_elements":"0.73027","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00744","scoring_system":"epss","scoring_elements":"0.72979","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00744","scoring_system":"epss","scoring_elements":"0.73016","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00744","scoring_system":"epss","scoring_elements":"0.7303","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00744","scoring_system":"epss","scoring_elements":"0.73055","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00744","scoring_system":"epss","scoring_elements":"0.73034","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00744","scoring_system":"epss","scoring_elements":"0.72983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00744","scoring_system":"epss","scoring_elements":"0.73003","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295013","reference_id":"2295013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295013"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-38474.json","reference_id":"CVE-2024-38474","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-38474.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0001/","reference_id":"ntap-20240712-0001","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T18:02:41Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4719","reference_id":"RHSA-2024:4719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4720","reference_id":"RHSA-2024:4720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4726","reference_id":"RHSA-2024:4726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4820","reference_id":"RHSA-2024:4820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4827","reference_id":"RHSA-2024:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4830","reference_id":"RHSA-2024:4830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4862","reference_id":"RHSA-2024:4862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4863","reference_id":"RHSA-2024:4863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4938","reference_id":"RHSA-2024:4938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4943","reference_id":"RHSA-2024:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5239","reference_id":"RHSA-2024:5239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5240","reference_id":"RHSA-2024:5240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5240"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"},{"reference_url":"https://usn.ubuntu.com/6885-3/","reference_id":"USN-6885-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-3/"},{"reference_url":"https://usn.ubuntu.com/6885-5/","reference_id":"USN-6885-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-5/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-38474"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ej7y-7na3-5qby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3802?format=json","vulnerability_id":"VCID-f2y3-s6j8-7ygr","summary":"Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17567","reference_id":"","reference_type":"","scores":[{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93895","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93898","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93883","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93886","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966740","reference_id":"1966740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966740"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-17567.json","reference_id":"CVE-2019-17567","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-17567.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2019-17567"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3850?format=json","vulnerability_id":"VCID-ftjw-9fb6-d3cw","summary":"Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38473","reference_id":"","reference_type":"","scores":[{"value":"0.88261","scoring_system":"epss","scoring_elements":"0.99492","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88261","scoring_system":"epss","scoring_elements":"0.99486","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88261","scoring_system":"epss","scoring_elements":"0.99488","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88261","scoring_system":"epss","scoring_elements":"0.9949","published_at":"2026-04-07T12:55:00Z"},{"value":"0.88261","scoring_system":"epss","scoring_elements":"0.99491","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295012","reference_id":"2295012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295012"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-38473.json","reference_id":"CVE-2024-38473","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-38473.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0001/","reference_id":"ntap-20240712-0001","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-24T13:55:35Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4720","reference_id":"RHSA-2024:4720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4726","reference_id":"RHSA-2024:4726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5001","reference_id":"RHSA-2024:5001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5239","reference_id":"RHSA-2024:5239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5240","reference_id":"RHSA-2024:5240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5240"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-38473"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftjw-9fb6-d3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3691?format=json","vulnerability_id":"VCID-fz8c-b8r4-1yb8","summary":"A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-20001","reference_id":"","reference_type":"","scores":[{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63154","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63174","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63191","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63176","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.6311","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.6314","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00439","scoring_system":"epss","scoring_elements":"0.63105","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161774","reference_id":"2161774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161774"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2006-20001.json","reference_id":"CVE-2006-20001","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2006-20001.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://usn.ubuntu.com/5834-1/","reference_id":"USN-5834-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5834-1/"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2006-20001"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3829?format=json","vulnerability_id":"VCID-g55m-t4s1-nfhv","summary":"Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.\n\nThis issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23943.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23943.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23943","reference_id":"","reference_type":"","scores":[{"value":"0.60552","scoring_system":"epss","scoring_elements":"0.98286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.60552","scoring_system":"epss","scoring_elements":"0.98284","published_at":"2026-04-11T12:55:00Z"},{"value":"0.60552","scoring_system":"epss","scoring_elements":"0.98285","published_at":"2026-04-12T12:55:00Z"},{"value":"0.60552","scoring_system":"epss","scoring_elements":"0.98273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.60552","scoring_system":"epss","scoring_elements":"0.98275","published_at":"2026-04-07T12:55:00Z"},{"value":"0.60552","scoring_system":"epss","scoring_elements":"0.9828","published_at":"2026-04-08T12:55:00Z"},{"value":"0.60552","scoring_system":"epss","scoring_elements":"0.98281","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23943"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064319","reference_id":"2064319","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064319"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-23943.json","reference_id":"CVE-2022-23943","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-23943.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5333-1/","reference_id":"USN-5333-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5333-1/"},{"reference_url":"https://usn.ubuntu.com/5333-2/","reference_id":"USN-5333-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5333-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-23943"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g55m-t4s1-nfhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3814?format=json","vulnerability_id":"VCID-g6xr-qtwz-2yaq","summary":"Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30641","reference_id":"","reference_type":"","scores":[{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97082","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.9711","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97095","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966743","reference_id":"1966743","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966743"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-30641.json","reference_id":"CVE-2021-30641","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-30641.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4257","reference_id":"RHSA-2021:4257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-30641"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3835?format=json","vulnerability_id":"VCID-gv84-vfvh-y7hu","summary":"If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30522","reference_id":"","reference_type":"","scores":[{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93644","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93636","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93638","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93643","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93616","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93625","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11589","scoring_system":"epss","scoring_elements":"0.93627","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095015","reference_id":"2095015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095015"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-30522.json","reference_id":"CVE-2022-30522","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-30522.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-30522"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3801?format=json","vulnerability_id":"VCID-h6kk-81jx-h7b8","summary":"Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10098","reference_id":"","reference_type":"","scores":[{"value":"0.80306","scoring_system":"epss","scoring_elements":"0.99111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.80306","scoring_system":"epss","scoring_elements":"0.99114","published_at":"2026-04-04T12:55:00Z"},{"value":"0.80306","scoring_system":"epss","scoring_elements":"0.99119","published_at":"2026-04-11T12:55:00Z"},{"value":"0.80306","scoring_system":"epss","scoring_elements":"0.99117","published_at":"2026-04-07T12:55:00Z"},{"value":"0.80306","scoring_system":"epss","scoring_elements":"0.99112","published_at":"2026-04-02T12:55:00Z"},{"value":"0.80306","scoring_system":"epss","scoring_elements":"0.9912","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/04/01/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/04/01/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743959","reference_id":"1743959","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743959"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/","reference_id":"CVE-2019-10098","reference_type":"exploit","scores":[],"url":"https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md","reference_id":"CVE-2019-10098","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-10098.json","reference_id":"CVE-2019-10098","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-10098.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10098","reference_id":"CVE-2019-10098","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10098"},{"reference_url":"https://security.gentoo.org/glsa/201909-04","reference_id":"GLSA-201909-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1336","reference_id":"RHSA-2020:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1337","reference_id":"RHSA-2020:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2263","reference_id":"RHSA-2020:2263","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036941?format=json","purl":"pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-7vjg-vetg-p7f6"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-qc9j-x576-ayc1"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-twj7-4qwm-2khv"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-wshe-gf99-tbg6"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2019-10098"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6kk-81jx-h7b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3836?format=json","vulnerability_id":"VCID-hm3f-m22n-u3gy","summary":"Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30556","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66229","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66253","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66273","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6626","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6624","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095018","reference_id":"2095018","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095018"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-30556.json","reference_id":"CVE-2022-30556","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-30556.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-30556"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3839?format=json","vulnerability_id":"VCID-htfx-mahy-9kde","summary":"Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37436","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64237","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64235","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64262","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64264","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64208","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161773","reference_id":"2161773","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161773"},{"reference_url":"https://security.archlinux.org/AVG-2824","reference_id":"AVG-2824","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2824"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-37436.json","reference_id":"CVE-2022-37436","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2022-37436.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0852","reference_id":"RHSA-2023:0852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0970","reference_id":"RHSA-2023:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://usn.ubuntu.com/5839-1/","reference_id":"USN-5839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-1/"},{"reference_url":"https://usn.ubuntu.com/5839-2/","reference_id":"USN-5839-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5839-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-37436"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3827?format=json","vulnerability_id":"VCID-k4nk-qqxg-s7e6","summary":"Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22720.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22720","reference_id":"","reference_type":"","scores":[{"value":"0.27458","scoring_system":"epss","scoring_elements":"0.96418","published_at":"2026-04-13T12:55:00Z"},{"value":"0.27458","scoring_system":"epss","scoring_elements":"0.96414","published_at":"2026-04-11T12:55:00Z"},{"value":"0.27458","scoring_system":"epss","scoring_elements":"0.96415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.27458","scoring_system":"epss","scoring_elements":"0.9639","published_at":"2026-04-02T12:55:00Z"},{"value":"0.27458","scoring_system":"epss","scoring_elements":"0.96395","published_at":"2026-04-04T12:55:00Z"},{"value":"0.27458","scoring_system":"epss","scoring_elements":"0.96398","published_at":"2026-04-07T12:55:00Z"},{"value":"0.27458","scoring_system":"epss","scoring_elements":"0.96407","published_at":"2026-04-08T12:55:00Z"},{"value":"0.27458","scoring_system":"epss","scoring_elements":"0.96409","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064321","reference_id":"2064321","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064321"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-22720.json","reference_id":"CVE-2022-22720","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-22720.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1045","reference_id":"RHSA-2022:1045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1049","reference_id":"RHSA-2022:1049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1072","reference_id":"RHSA-2022:1072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1075","reference_id":"RHSA-2022:1075","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1075"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1080","reference_id":"RHSA-2022:1080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1102","reference_id":"RHSA-2022:1102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1136","reference_id":"RHSA-2022:1136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1137","reference_id":"RHSA-2022:1137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1138","reference_id":"RHSA-2022:1138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1139","reference_id":"RHSA-2022:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1173","reference_id":"RHSA-2022:1173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1389","reference_id":"RHSA-2022:1389","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1389"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1390","reference_id":"RHSA-2022:1390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1390"},{"reference_url":"https://usn.ubuntu.com/5333-1/","reference_id":"USN-5333-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5333-1/"},{"reference_url":"https://usn.ubuntu.com/5333-2/","reference_id":"USN-5333-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5333-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-22720"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4nk-qqxg-s7e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3845?format=json","vulnerability_id":"VCID-kkuy-1j91-9bb2","summary":"When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\n\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45802","reference_id":"","reference_type":"","scores":[{"value":"0.01741","scoring_system":"epss","scoring_elements":"0.82453","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01741","scoring_system":"epss","scoring_elements":"0.82511","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01741","scoring_system":"epss","scoring_elements":"0.8252","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01741","scoring_system":"epss","scoring_elements":"0.82516","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01741","scoring_system":"epss","scoring_elements":"0.82471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01741","scoring_system":"epss","scoring_elements":"0.82467","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01741","scoring_system":"epss","scoring_elements":"0.82495","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01741","scoring_system":"epss","scoring_elements":"0.82501","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-45802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243877","reference_id":"2243877","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243877"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2023-45802.json","reference_id":"CVE-2023-45802","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2023-45802.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7625","reference_id":"RHSA-2023:7625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7626","reference_id":"RHSA-2023:7626","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7626"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2368","reference_id":"RHSA-2024:2368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2891","reference_id":"RHSA-2024:2891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3121","reference_id":"RHSA-2024:3121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3121"},{"reference_url":"https://usn.ubuntu.com/6506-1/","reference_id":"USN-6506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6506-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2023-45802"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkuy-1j91-9bb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3820?format=json","vulnerability_id":"VCID-mtg7-8556-kbgd","summary":"A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40438","reference_id":"","reference_type":"","scores":[{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99985","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005117","reference_id":"2005117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005117"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ","reference_id":"cisco-sa-apache-httpd-2.4.49-VWL69sWQ","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-40438.json","reference_id":"CVE-2021-40438","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-40438.json"},{"reference_url":"https://www.debian.org/security/2021/dsa-4982","reference_id":"dsa-4982","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://www.debian.org/security/2021/dsa-4982"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211008-0004/","reference_id":"ntap-20211008-0004","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211008-0004/"},{"reference_url":"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","reference_id":"r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","reference_id":"r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","reference_id":"r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","reference_id":"r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","reference_id":"r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","reference_id":"r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","reference_id":"rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3745","reference_id":"RHSA-2021:3745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3746","reference_id":"RHSA-2021:3746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3754","reference_id":"RHSA-2021:3754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3816","reference_id":"RHSA-2021:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3836","reference_id":"RHSA-2021:3836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3837","reference_id":"RHSA-2021:3837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3856","reference_id":"RHSA-2021:3856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3856"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/","reference_id":"SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf","reference_id":"ssa-685781.pdf","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"},{"reference_url":"https://www.tenable.com/security/tns-2021-17","reference_id":"tns-2021-17","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://www.tenable.com/security/tns-2021-17"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/","reference_id":"ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-40438"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3832?format=json","vulnerability_id":"VCID-na94-5565-dyfc","summary":"The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.\n\nModules compiled and distributed separately from Apache HTTP Server that use the \"ap_rputs\" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28614","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69266","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69311","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69295","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6922","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.6924","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69271","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095002","reference_id":"2095002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095002"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-28614.json","reference_id":"CVE-2022-28614","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-28614.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-28614"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3837?format=json","vulnerability_id":"VCID-p2a1-afnh-7qca","summary":"Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.\nThis may be used to bypass IP based authentication on the origin server/application.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31813","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11369","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11453","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11511","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13255","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13379","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13443","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13305","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095020","reference_id":"2095020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095020"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-31813.json","reference_id":"CVE-2022-31813","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-31813.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-31813"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3854?format=json","vulnerability_id":"VCID-pjxs-hnjr-duey","summary":"null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38477","reference_id":"","reference_type":"","scores":[{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78479","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78472","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01148","scoring_system":"epss","scoring_elements":"0.78498","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80057","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80036","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80046","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80075","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295016","reference_id":"2295016","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295016"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-38477.json","reference_id":"CVE-2024-38477","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-38477.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0001/","reference_id":"ntap-20240712-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:23:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4719","reference_id":"RHSA-2024:4719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4720","reference_id":"RHSA-2024:4720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4726","reference_id":"RHSA-2024:4726","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4726"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4820","reference_id":"RHSA-2024:4820","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4820"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4827","reference_id":"RHSA-2024:4827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4830","reference_id":"RHSA-2024:4830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4830"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4862","reference_id":"RHSA-2024:4862","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4863","reference_id":"RHSA-2024:4863","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4938","reference_id":"RHSA-2024:4938","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4938"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4943","reference_id":"RHSA-2024:4943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5239","reference_id":"RHSA-2024:5239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5240","reference_id":"RHSA-2024:5240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5240"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"},{"reference_url":"https://usn.ubuntu.com/6885-3/","reference_id":"USN-6885-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-38477"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjxs-hnjr-duey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3826?format=json","vulnerability_id":"VCID-pnc8-bb23-vqh1","summary":"A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.52 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22719.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22719","reference_id":"","reference_type":"","scores":[{"value":"0.29312","scoring_system":"epss","scoring_elements":"0.96593","published_at":"2026-04-11T12:55:00Z"},{"value":"0.29312","scoring_system":"epss","scoring_elements":"0.96591","published_at":"2026-04-09T12:55:00Z"},{"value":"0.29312","scoring_system":"epss","scoring_elements":"0.96578","published_at":"2026-04-04T12:55:00Z"},{"value":"0.29312","scoring_system":"epss","scoring_elements":"0.96581","published_at":"2026-04-07T12:55:00Z"},{"value":"0.29312","scoring_system":"epss","scoring_elements":"0.96589","published_at":"2026-04-08T12:55:00Z"},{"value":"0.29312","scoring_system":"epss","scoring_elements":"0.96573","published_at":"2026-04-02T12:55:00Z"},{"value":"0.29423","scoring_system":"epss","scoring_elements":"0.96602","published_at":"2026-04-13T12:55:00Z"},{"value":"0.29423","scoring_system":"epss","scoring_elements":"0.96599","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22719"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064322","reference_id":"2064322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064322"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-22719.json","reference_id":"CVE-2022-22719","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-22719.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://usn.ubuntu.com/5333-1/","reference_id":"USN-5333-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5333-1/"},{"reference_url":"https://usn.ubuntu.com/5333-2/","reference_id":"USN-5333-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5333-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-22719"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnc8-bb23-vqh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3856?format=json","vulnerability_id":"VCID-pz6f-mahv-hue8","summary":"A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39884","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47857","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4785","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47799","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47871","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295761","reference_id":"2295761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295761"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/17/6","reference_id":"6","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/17/6"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-39884.json","reference_id":"CVE-2024-39884","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-39884.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0002/","reference_id":"ntap-20240712-0002","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0002/"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-39884"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pz6f-mahv-hue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3857?format=json","vulnerability_id":"VCID-qjeh-n57t-y7g5","summary":"A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40725.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40725.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40725","reference_id":"","reference_type":"","scores":[{"value":"0.25097","scoring_system":"epss","scoring_elements":"0.96177","published_at":"2026-04-13T12:55:00Z"},{"value":"0.25097","scoring_system":"epss","scoring_elements":"0.96159","published_at":"2026-04-07T12:55:00Z"},{"value":"0.25097","scoring_system":"epss","scoring_elements":"0.96169","published_at":"2026-04-08T12:55:00Z"},{"value":"0.25097","scoring_system":"epss","scoring_elements":"0.96173","published_at":"2026-04-09T12:55:00Z"},{"value":"0.25097","scoring_system":"epss","scoring_elements":"0.96175","published_at":"2026-04-12T12:55:00Z"},{"value":"0.25097","scoring_system":"epss","scoring_elements":"0.96154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26567","scoring_system":"epss","scoring_elements":"0.96301","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40725"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40725"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297362","reference_id":"2297362","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2297362"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-40725.json","reference_id":"CVE-2024-40725","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-40725.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://usn.ubuntu.com/6902-1/","reference_id":"USN-6902-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6902-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-40725"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjeh-n57t-y7g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3830?format=json","vulnerability_id":"VCID-qm7e-n9ay-hufy","summary":"Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.  This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26377","reference_id":"","reference_type":"","scores":[{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97289","published_at":"2026-04-13T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.39296","scoring_system":"epss","scoring_elements":"0.97288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97321","published_at":"2026-04-09T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97308","published_at":"2026-04-02T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.97313","published_at":"2026-04-04T12:55:00Z"},{"value":"0.3988","scoring_system":"epss","scoring_elements":"0.9732","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513","reference_id":"1012513","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2094997","reference_id":"2094997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2094997"},{"reference_url":"https://security.archlinux.org/AVG-2763","reference_id":"AVG-2763","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2763"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-26377.json","reference_id":"CVE-2022-26377","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-26377.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5487-1/","reference_id":"USN-5487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-1/"},{"reference_url":"https://usn.ubuntu.com/5487-3/","reference_id":"USN-5487-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5487-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-26377"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3848?format=json","vulnerability_id":"VCID-r2pc-wuzb-h7hk","summary":"Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36387.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36387","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34143","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34186","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34215","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34216","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34173","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34247","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3428","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-36387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39573"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295006","reference_id":"2295006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295006"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-36387.json","reference_id":"CVE-2024-36387","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-36387.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0001/","reference_id":"ntap-20240712-0001","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T16:22:03Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8680","reference_id":"RHSA-2024:8680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:8680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3452","reference_id":"RHSA-2025:3452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3453","reference_id":"RHSA-2025:3453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3453"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2024-36387"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2pc-wuzb-h7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3818?format=json","vulnerability_id":"VCID-rdtq-8ng5-53fn","summary":"A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36160","reference_id":"","reference_type":"","scores":[{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8792","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87985","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87978","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87943","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87947","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87968","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005124","reference_id":"2005124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005124"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-36160.json","reference_id":"CVE-2021-36160","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-36160.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-36160"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3806?format=json","vulnerability_id":"VCID-t67v-c4gx-ukbj","summary":"In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has a information disclosure and possible RCE","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11984.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11984.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11984","reference_id":"","reference_type":"","scores":[{"value":"0.75348","scoring_system":"epss","scoring_elements":"0.98877","published_at":"2026-04-01T12:55:00Z"},{"value":"0.75348","scoring_system":"epss","scoring_elements":"0.98887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.75348","scoring_system":"epss","scoring_elements":"0.98885","published_at":"2026-04-08T12:55:00Z"},{"value":"0.75348","scoring_system":"epss","scoring_elements":"0.98886","published_at":"2026-04-12T12:55:00Z"},{"value":"0.75348","scoring_system":"epss","scoring_elements":"0.98879","published_at":"2026-04-02T12:55:00Z"},{"value":"0.75348","scoring_system":"epss","scoring_elements":"0.98881","published_at":"2026-04-04T12:55:00Z"},{"value":"0.75348","scoring_system":"epss","scoring_elements":"0.98883","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866563","reference_id":"1866563","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866563"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-11984.json","reference_id":"CVE-2020-11984","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-11984.json"},{"reference_url":"https://security.gentoo.org/glsa/202008-04","reference_id":"GLSA-202008-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4383","reference_id":"RHSA-2020:4383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4384","reference_id":"RHSA-2020:4384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1809","reference_id":"RHSA-2021:1809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1809"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"},{"reference_url":"https://usn.ubuntu.com/5054-1/","reference_id":"USN-5054-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5054-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5054-2/","reference_id":"USN-USN-5054-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5054-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2020-11984"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t67v-c4gx-ukbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3797?format=json","vulnerability_id":"VCID-v41h-pbbe-zfas","summary":"HTTP/2 very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10081","reference_id":"","reference_type":"","scores":[{"value":"0.28784","scoring_system":"epss","scoring_elements":"0.96516","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28784","scoring_system":"epss","scoring_elements":"0.96549","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28784","scoring_system":"epss","scoring_elements":"0.96544","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28784","scoring_system":"epss","scoring_elements":"0.96546","published_at":"2026-04-12T12:55:00Z"},{"value":"0.28784","scoring_system":"epss","scoring_elements":"0.96525","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28784","scoring_system":"epss","scoring_elements":"0.96529","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28784","scoring_system":"epss","scoring_elements":"0.96533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28784","scoring_system":"epss","scoring_elements":"0.96542","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743966","reference_id":"1743966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1743966"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-10081.json","reference_id":"CVE-2019-10081","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-10081.json"},{"reference_url":"https://security.gentoo.org/glsa/201909-04","reference_id":"GLSA-201909-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1336","reference_id":"RHSA-2020:1336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1337","reference_id":"RHSA-2020:1337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036941?format=json","purl":"pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-7vjg-vetg-p7f6"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-qc9j-x576-ayc1"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-twj7-4qwm-2khv"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-wshe-gf99-tbg6"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2019-10081"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v41h-pbbe-zfas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3819?format=json","vulnerability_id":"VCID-wrw6-uzz4-rkfb","summary":"ap_escape_quotes() may write beyond the end of a buffer when given malicious input.  \nNo included modules pass untrusted data to these functions, but third-party / external modules may.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39275","reference_id":"","reference_type":"","scores":[{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97171","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97199","published_at":"2026-04-13T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97193","published_at":"2026-04-08T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97194","published_at":"2026-04-09T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97183","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005119","reference_id":"2005119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005119"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-39275.json","reference_id":"CVE-2021-39275","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-39275.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0891","reference_id":"RHSA-2022:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-39275"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3828?format=json","vulnerability_id":"VCID-xfm9-e5nr-wyat","summary":"If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.\n\nThis issue affects Apache HTTP Server 2.4.52 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22721.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22721","reference_id":"","reference_type":"","scores":[{"value":"0.13159","scoring_system":"epss","scoring_elements":"0.94126","published_at":"2026-04-11T12:55:00Z"},{"value":"0.13159","scoring_system":"epss","scoring_elements":"0.94121","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13159","scoring_system":"epss","scoring_elements":"0.94104","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13159","scoring_system":"epss","scoring_elements":"0.94108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13159","scoring_system":"epss","scoring_elements":"0.94117","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13159","scoring_system":"epss","scoring_elements":"0.94093","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13224","scoring_system":"epss","scoring_elements":"0.94143","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22721"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064320","reference_id":"2064320","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064320"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-22721.json","reference_id":"CVE-2022-22721","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-22721.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7647","reference_id":"RHSA-2022:7647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8067","reference_id":"RHSA-2022:8067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8840","reference_id":"RHSA-2022:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"},{"reference_url":"https://usn.ubuntu.com/5333-1/","reference_id":"USN-5333-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5333-1/"},{"reference_url":"https://usn.ubuntu.com/5333-2/","reference_id":"USN-5333-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5333-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2022-22721"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfm9-e5nr-wyat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3843?format=json","vulnerability_id":"VCID-xhyc-9rpu-2bc8","summary":"Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38709","reference_id":"","reference_type":"","scores":[{"value":"0.03255","scoring_system":"epss","scoring_elements":"0.87129","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03255","scoring_system":"epss","scoring_elements":"0.8714","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03255","scoring_system":"epss","scoring_elements":"0.87134","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87294","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87277","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87261","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87275","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03342","scoring_system":"epss","scoring_elements":"0.87302","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412","reference_id":"1068412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068412"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Jul/18","reference_id":"18","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jul/18"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2273491","reference_id":"2273491","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2273491"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/04/3","reference_id":"3","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/04/3"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2023-38709.json","reference_id":"CVE-2023-38709","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2023-38709.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://support.apple.com/kb/HT214119","reference_id":"HT214119","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/"}],"url":"https://support.apple.com/kb/HT214119"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/","reference_id":"I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/","reference_id":"LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240415-0013/","reference_id":"ntap-20240415-0013","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240415-0013/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4197","reference_id":"RHSA-2024:4197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6927","reference_id":"RHSA-2024:6927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6928","reference_id":"RHSA-2024:6928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9306","reference_id":"RHSA-2024:9306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9306"},{"reference_url":"https://usn.ubuntu.com/6729-1/","reference_id":"USN-6729-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-1/"},{"reference_url":"https://usn.ubuntu.com/6729-2/","reference_id":"USN-6729-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-2/"},{"reference_url":"https://usn.ubuntu.com/6729-3/","reference_id":"USN-6729-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6729-3/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/","reference_id":"WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:57:02Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2023-38709"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhyc-9rpu-2bc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3844?format=json","vulnerability_id":"VCID-xnfs-bpwj-3ycp","summary":"An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\n\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43622","reference_id":"","reference_type":"","scores":[{"value":"0.59064","scoring_system":"epss","scoring_elements":"0.98216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.61258","scoring_system":"epss","scoring_elements":"0.98318","published_at":"2026-04-13T12:55:00Z"},{"value":"0.61258","scoring_system":"epss","scoring_elements":"0.98307","published_at":"2026-04-04T12:55:00Z"},{"value":"0.61258","scoring_system":"epss","scoring_elements":"0.98309","published_at":"2026-04-07T12:55:00Z"},{"value":"0.61258","scoring_system":"epss","scoring_elements":"0.98314","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245153","reference_id":"2245153","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2245153"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2023-43622.json","reference_id":"CVE-2023-43622","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2023-43622.json"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231027-0011/","reference_id":"ntap-20231027-0011","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T16:02:28Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231027-0011/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2368","reference_id":"RHSA-2024:2368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2368"},{"reference_url":"https://usn.ubuntu.com/6506-1/","reference_id":"USN-6506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6506-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2023-43622"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xnfs-bpwj-3ycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3825?format=json","vulnerability_id":"VCID-xwnu-h1xh-3bg6","summary":"A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts).\nThe Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one.\n\nThis issue affects Apache HTTP Server 2.4.51 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44790","reference_id":"","reference_type":"","scores":[{"value":"0.86011","scoring_system":"epss","scoring_elements":"0.99393","published_at":"2026-04-13T12:55:00Z"},{"value":"0.87092","scoring_system":"epss","scoring_elements":"0.99437","published_at":"2026-04-02T12:55:00Z"},{"value":"0.87092","scoring_system":"epss","scoring_elements":"0.99438","published_at":"2026-04-01T12:55:00Z"},{"value":"0.87092","scoring_system":"epss","scoring_elements":"0.99439","published_at":"2026-04-07T12:55:00Z"},{"value":"0.87092","scoring_system":"epss","scoring_elements":"0.99441","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44790"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034674","reference_id":"2034674","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034674"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py","reference_id":"CVE-2021-44790","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51193.py"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-44790.json","reference_id":"CVE-2021-44790","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-44790.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0258","reference_id":"RHSA-2022:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0288","reference_id":"RHSA-2022:0288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0288"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0303","reference_id":"RHSA-2022:0303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1136","reference_id":"RHSA-2022:1136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1136"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1137","reference_id":"RHSA-2022:1137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1138","reference_id":"RHSA-2022:1138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1139","reference_id":"RHSA-2022:1139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1139"},{"reference_url":"https://usn.ubuntu.com/5212-1/","reference_id":"USN-5212-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5212-1/"},{"reference_url":"https://usn.ubuntu.com/5212-2/","reference_id":"USN-5212-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5212-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2021-44790"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwnu-h1xh-3bg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3796?format=json","vulnerability_id":"VCID-y3k1-c4rn-xbc2","summary":"A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9517","reference_id":"","reference_type":"","scores":[{"value":"0.04564","scoring_system":"epss","scoring_elements":"0.89159","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04564","scoring_system":"epss","scoring_elements":"0.89153","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90652","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90648","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90624","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90631","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90643","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741868","reference_id":"1741868","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741868"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-9517.json","reference_id":"CVE-2019-9517","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-9517.json"},{"reference_url":"https://security.gentoo.org/glsa/201909-04","reference_id":"GLSA-201909-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2893","reference_id":"RHSA-2019:2893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2950","reference_id":"RHSA-2019:2950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036941?format=json","purl":"pkg:deb/debian/apache2@2.4.25-3%2Bdeb9u9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-4sss-a8ne-kqbc"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-7vjg-vetg-p7f6"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-qc9j-x576-ayc1"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-twj7-4qwm-2khv"},{"vulnerability":"VCID-ugdv-apr8-g3bz"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-wshe-gf99-tbg6"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.25-3%252Bdeb9u9"},{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2019-9517"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3k1-c4rn-xbc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3808?format=json","vulnerability_id":"VCID-yz3c-arnr-y3cs","summary":"In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.\nConfiguring the LogLevel of mod_http2 above \"info\" will mitigate this vulnerability for unpatched servers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11993.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11993.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11993","reference_id":"","reference_type":"","scores":[{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96887","published_at":"2026-04-01T12:55:00Z"},{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96919","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96918","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96894","published_at":"2026-04-02T12:55:00Z"},{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96899","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96904","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96912","published_at":"2026-04-08T12:55:00Z"},{"value":"0.33361","scoring_system":"epss","scoring_elements":"0.96914","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866564","reference_id":"1866564","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1866564"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-11993.json","reference_id":"CVE-2020-11993","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-11993.json"},{"reference_url":"https://security.gentoo.org/glsa/202008-04","reference_id":"GLSA-202008-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4383","reference_id":"RHSA-2020:4383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4384","reference_id":"RHSA-2020:4384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1809","reference_id":"RHSA-2021:1809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1809"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037784?format=json","purl":"pkg:deb/debian/apache2@2.4.38-3%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-2e6w-fs4j-17g9"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-4c3m-m6ku-kbhq"},{"vulnerability":"VCID-4d3t-es7p-9qhn"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6b7y-562y-suce"},{"vulnerability":"VCID-6qk8-1cj1-4fh7"},{"vulnerability":"VCID-6tgh-b4td-63f5"},{"vulnerability":"VCID-7vfk-1dwm-xbbt"},{"vulnerability":"VCID-8edq-8rvq-rkf1"},{"vulnerability":"VCID-8nw9-zpxn-ckab"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-9ych-ybpr-j3h6"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-b68y-4prb-bfdk"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-bau7-pme5-ckbt"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-cqjv-6m9n-mfeq"},{"vulnerability":"VCID-d36c-rrxh-ybgv"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-edvy-cern-6kcu"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ej7y-7na3-5qby"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ftjw-9fb6-d3cw"},{"vulnerability":"VCID-fz8c-b8r4-1yb8"},{"vulnerability":"VCID-g55m-t4s1-nfhv"},{"vulnerability":"VCID-g6xr-qtwz-2yaq"},{"vulnerability":"VCID-gv84-vfvh-y7hu"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-hm3f-m22n-u3gy"},{"vulnerability":"VCID-htfx-mahy-9kde"},{"vulnerability":"VCID-k4nk-qqxg-s7e6"},{"vulnerability":"VCID-kkuy-1j91-9bb2"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-na94-5565-dyfc"},{"vulnerability":"VCID-p2a1-afnh-7qca"},{"vulnerability":"VCID-pjxs-hnjr-duey"},{"vulnerability":"VCID-pnc8-bb23-vqh1"},{"vulnerability":"VCID-pz6f-mahv-hue8"},{"vulnerability":"VCID-qjeh-n57t-y7g5"},{"vulnerability":"VCID-qm7e-n9ay-hufy"},{"vulnerability":"VCID-r2pc-wuzb-h7hk"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-t67v-c4gx-ukbj"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-xfm9-e5nr-wyat"},{"vulnerability":"VCID-xhyc-9rpu-2bc8"},{"vulnerability":"VCID-xnfs-bpwj-3ycp"},{"vulnerability":"VCID-xwnu-h1xh-3bg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.38-3%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/1049887?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2d8p-bbc1-hkfa"},{"vulnerability":"VCID-3ay7-bwah-2yd1"},{"vulnerability":"VCID-9tez-97xg-z3bs"},{"vulnerability":"VCID-b9ks-detx-nkdw"},{"vulnerability":"VCID-fsh3-7b9j-dfgf"},{"vulnerability":"VCID-ha7f-21gy-3qa2"},{"vulnerability":"VCID-r471-g9xs-sbga"},{"vulnerability":"VCID-td8g-tmny-jyaa"},{"vulnerability":"VCID-varh-ysfr-euc8"},{"vulnerability":"VCID-ww49-y35r-ykdd"},{"vulnerability":"VCID-zxet-n94k-57ge"},{"vulnerability":"VCID-zyyh-n42k-8bhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}],"aliases":["CVE-2020-11993"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yz3c-arnr-y3cs"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1"}