{"url":"http://public2.vulnerablecode.io/api/packages/1050659?format=json","purl":"pkg:deb/debian/apr@1.4.2-6%2Bsqueeze4","type":"deb","namespace":"debian","name":"apr","version":"1.4.2-6+squeeze4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.7.2-3+deb12u1","latest_non_vulnerable_version":"1.7.2-3+deb12u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46064?format=json","vulnerability_id":"VCID-29bh-jatc-73ad","summary":"Memory consumption errors in Apache Portable Runtime and APR\n    Utility Library could result in Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0840.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0840","reference_id":"","reference_type":"","scores":[{"value":"0.37182","scoring_system":"epss","scoring_elements":"0.97137","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37182","scoring_system":"epss","scoring_elements":"0.97143","published_at":"2026-04-02T12:55:00Z"},{"value":"0.37182","scoring_system":"epss","scoring_elements":"0.97149","published_at":"2026-04-04T12:55:00Z"},{"value":"0.37182","scoring_system":"epss","scoring_elements":"0.9715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.37182","scoring_system":"epss","scoring_elements":"0.9716","published_at":"2026-04-09T12:55:00Z"},{"value":"0.37182","scoring_system":"epss","scoring_elements":"0.97164","published_at":"2026-04-11T12:55:00Z"},{"value":"0.37182","scoring_system":"epss","scoring_elements":"0.97165","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0840"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655435","reference_id":"655435","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655435"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=781606","reference_id":"781606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=781606"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/36669.txt","reference_id":"CVE-2012-0840;OSVDB-78932","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/36669.txt"},{"reference_url":"https://www.securityfocus.com/bid/51917/info","reference_id":"CVE-2012-0840;OSVDB-78932","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/51917/info"},{"reference_url":"https://security.gentoo.org/glsa/201405-24","reference_id":"GLSA-201405-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050660?format=json","purl":"pkg:deb/debian/apr@1.4.6-3%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3qre-qddd-eqgk"},{"vulnerability":"VCID-jdxe-krj9-8kax"},{"vulnerability":"VCID-xz52-5z1u-cuf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.4.6-3%252Bdeb7u1"}],"aliases":["CVE-2012-0840"],"risk_score":0.6,"exploitability":"2.0","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29bh-jatc-73ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3726?format=json","vulnerability_id":"VCID-3cea-3rkm-r7gs","summary":"A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.\nWorkaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack.\nResolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65)","references":[{"reference_url":"http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22","reference_id":"","reference_type":"","scores":[],"url":"http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22"},{"reference_url":"http://cxib.net/stuff/apache.fnmatch.phps","reference_id":"","reference_type":"","scores":[],"url":"http://cxib.net/stuff/apache.fnmatch.phps"},{"reference_url":"http://cxib.net/stuff/apr_fnmatch.txts","reference_id":"","reference_type":"","scores":[],"url":"http://cxib.net/stuff/apr_fnmatch.txts"},{"reference_url":"http://httpd.apache.org/security/vulnerabilities_22.html","reference_id":"","reference_type":"","scores":[],"url":"http://httpd.apache.org/security/vulnerabilities_22.html"},{"reference_url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=131551295528105&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=131551295528105&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=131731002122529&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=131731002122529&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=132033751509019&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=132033751509019&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=134987041210674&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=134987041210674&w=2"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0419.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0419","reference_id":"","reference_type":"","scores":[{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.97759","published_at":"2026-04-13T12:55:00Z"},{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.97735","published_at":"2026-04-01T12:55:00Z"},{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.97756","published_at":"2026-04-11T12:55:00Z"},{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.97758","published_at":"2026-04-12T12:55:00Z"},{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.97741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.97743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.97745","published_at":"2026-04-07T12:55:00Z"},{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.9775","published_at":"2026-04-08T12:55:00Z"},{"value":"0.48782","scoring_system":"epss","scoring_elements":"0.97753","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419"},{"reference_url":"http://secunia.com/advisories/44490","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44490"},{"reference_url":"http://secunia.com/advisories/44564","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44564"},{"reference_url":"http://secunia.com/advisories/44574","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44574"},{"reference_url":"http://secunia.com/advisories/48308","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48308"},{"reference_url":"http://securityreason.com/achievement_securityalert/98","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/achievement_securityalert/98"},{"reference_url":"http://securityreason.com/securityalert/8246","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8246"},{"reference_url":"http://securitytracker.com/id?1025527","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1025527"},{"reference_url":"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804"},{"reference_url":"http://support.apple.com/kb/HT5002","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT5002"},{"reference_url":"http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1098188","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1098188"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1098799","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1098799"},{"reference_url":"http://www.apache.org/dist/apr/Announcement1.x.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/apr/Announcement1.x.html"},{"reference_url":"http://www.apache.org/dist/apr/CHANGES-APR-1.4","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/apr/CHANGES-APR-1.4"},{"reference_url":"http://www.apache.org/dist/httpd/Announcement2.2.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/httpd/Announcement2.2.html"},{"reference_url":"http://www.debian.org/security/2011/dsa-2237","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2011/dsa-2237"},{"reference_url":"http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html"},{"reference_url":"http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html"},{"reference_url":"http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:084","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:084"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"},{"reference_url":"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15","reference_id":"","reference_type":"","scores":[],"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0507.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0507.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0897.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=703390","reference_id":"703390","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=703390"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:openbsd:openbsd:4.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:openbsd:openbsd:4.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:openbsd:openbsd:4.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*","reference_id":"cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2011-0419.json","reference_id":"CVE-2011-0419","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2011-0419.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0419","reference_id":"CVE-2011-0419","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0419"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35738.php","reference_id":"CVE-2011-0419;OSVDB-73383","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35738.php"},{"reference_url":"https://www.securityfocus.com/bid/47820/info","reference_id":"CVE-2011-0419;OSVDB-73383","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/47820/info"},{"reference_url":"https://security.gentoo.org/glsa/201405-24","reference_id":"GLSA-201405-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0507","reference_id":"RHSA-2011:0507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0507"},{"reference_url":"https://usn.ubuntu.com/1134-1/","reference_id":"USN-1134-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1134-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050660?format=json","purl":"pkg:deb/debian/apr@1.4.6-3%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3qre-qddd-eqgk"},{"vulnerability":"VCID-jdxe-krj9-8kax"},{"vulnerability":"VCID-xz52-5z1u-cuf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.4.6-3%252Bdeb7u1"}],"aliases":["CVE-2011-0419"],"risk_score":9.6,"exploitability":"2.0","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cea-3rkm-r7gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78696?format=json","vulnerability_id":"VCID-3qre-qddd-eqgk","summary":"apr: integer overflow/wraparound in apr_encode","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24963.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24963.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24963","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.3392","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33804","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33847","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33879","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33878","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33836","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33951","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24963"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24963","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24963"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2169465","reference_id":"2169465","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2169465"},{"reference_url":"https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9","reference_id":"fw9p6sdncwsjkstwc066vz57xqzfksq9","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:33:34Z/"}],"url":"https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230908-0008/","reference_id":"ntap-20230908-0008","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:33:34Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230908-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4628","reference_id":"RHSA-2023:4628","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4628"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4629","reference_id":"RHSA-2023:4629","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4629"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4909","reference_id":"RHSA-2023:4909","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4910","reference_id":"RHSA-2023:4910","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4910"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7711","reference_id":"RHSA-2023:7711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7711"},{"reference_url":"https://usn.ubuntu.com/5885-1/","reference_id":"USN-5885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5885-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586164?format=json","purl":"pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g38k-gh86-pkcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2"}],"aliases":["CVE-2022-24963"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qre-qddd-eqgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83867?format=json","vulnerability_id":"VCID-jdxe-krj9-8kax","summary":"apr: Out-of-bounds array deref in apr_time_exp*() functions","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0465","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0466","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0466"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12613","reference_id":"","reference_type":"","scores":[{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48167","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48234","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48176","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.4823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48224","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48249","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48205","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0025","scoring_system":"epss","scoring_elements":"0.48225","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:M/C:P/I:N/A:P"},{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1807976","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc?view=revision&revision=1807976"},{"reference_url":"http://www.apache.org/dist/apr/Announcement1.x.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/apr/Announcement1.x.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/08/23/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/08/23/1"},{"reference_url":"http://www.securityfocus.com/bid/101560","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101560"},{"reference_url":"http://www.securitytracker.com/id/1042004","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506523","reference_id":"1506523","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1506523"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708","reference_id":"879708","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708"},{"reference_url":"https://security.archlinux.org/ASA-201710-32","reference_id":"ASA-201710-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-32"},{"reference_url":"https://security.archlinux.org/AVG-469","reference_id":"AVG-469","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-469"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12613","reference_id":"CVE-2017-12613","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:P"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3270","reference_id":"RHSA-2017:3270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3270"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0316","reference_id":"RHSA-2018:0316","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0316"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1253","reference_id":"RHSA-2018:1253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1253"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052636?format=json","purl":"pkg:deb/debian/apr@1.6.5-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3qre-qddd-eqgk"},{"vulnerability":"VCID-xz52-5z1u-cuf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.6.5-1"}],"aliases":["CVE-2017-12613"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdxe-krj9-8kax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46062?format=json","vulnerability_id":"VCID-qebd-7szr-y7cx","summary":"Memory consumption errors in Apache Portable Runtime and APR\n    Utility Library could result in Denial of Service.","references":[{"reference_url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403%40apache.org%3E"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201105.mbox/%3c4DD55076.1060005%40apache.org%3e"},{"reference_url":"http://marc.info/?l=bugtraq&m=134987041210674&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=134987041210674&w=2"},{"reference_url":"http://openwall.com/lists/oss-security/2011/05/19/10","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2011/05/19/10"},{"reference_url":"http://openwall.com/lists/oss-security/2011/05/19/5","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2011/05/19/5"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1928.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1928.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1928","reference_id":"","reference_type":"","scores":[{"value":"0.14392","scoring_system":"epss","scoring_elements":"0.94422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.14392","scoring_system":"epss","scoring_elements":"0.94383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.14392","scoring_system":"epss","scoring_elements":"0.94391","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14392","scoring_system":"epss","scoring_elements":"0.94402","published_at":"2026-04-04T12:55:00Z"},{"value":"0.14392","scoring_system":"epss","scoring_elements":"0.94404","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14392","scoring_system":"epss","scoring_elements":"0.94414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14392","scoring_system":"epss","scoring_elements":"0.94417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14392","scoring_system":"epss","scoring_elements":"0.9442","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928"},{"reference_url":"http://secunia.com/advisories/44558","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44558"},{"reference_url":"http://secunia.com/advisories/44613","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44613"},{"reference_url":"http://secunia.com/advisories/44661","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44661"},{"reference_url":"http://secunia.com/advisories/44780","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/44780"},{"reference_url":"http://secunia.com/advisories/48308","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48308"},{"reference_url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=51219","reference_id":"","reference_type":"","scores":[],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=51219"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:095","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:095"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0844.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0844.html"},{"reference_url":"http://www.vupen.com/english/advisories/2011/1289","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/1289"},{"reference_url":"http://www.vupen.com/english/advisories/2011/1290","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/1290"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182","reference_id":"627182","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=706203","reference_id":"706203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=706203"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:apr-util:1.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:apr-util:1.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apr-util:1.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1928","reference_id":"CVE-2011-1928","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1928"},{"reference_url":"https://security.gentoo.org/glsa/201405-24","reference_id":"GLSA-201405-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0844","reference_id":"RHSA-2011:0844","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0844"},{"reference_url":"https://usn.ubuntu.com/1134-1/","reference_id":"USN-1134-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1134-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050660?format=json","purl":"pkg:deb/debian/apr@1.4.6-3%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3qre-qddd-eqgk"},{"vulnerability":"VCID-jdxe-krj9-8kax"},{"vulnerability":"VCID-xz52-5z1u-cuf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.4.6-3%252Bdeb7u1"}],"aliases":["CVE-2011-1928"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qebd-7szr-y7cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80069?format=json","vulnerability_id":"VCID-xz52-5z1u-cuf9","summary":"apr: Regression of CVE-2017-12613 fix in apr 1.7","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35940","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17825","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17918","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17874","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17999","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18054","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17754","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17842","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17903","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980328","reference_id":"1980328","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789","reference_id":"992789","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789"},{"reference_url":"https://security.archlinux.org/AVG-2313","reference_id":"AVG-2313","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2313"},{"reference_url":"https://usn.ubuntu.com/5056-1/","reference_id":"USN-5056-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5056-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586164?format=json","purl":"pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g38k-gh86-pkcn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2"}],"aliases":["CVE-2021-35940"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz52-5z1u-cuf9"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3712?format=json","vulnerability_id":"VCID-umuk-3n1q-3qet","summary":"A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2412.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2412","reference_id":"","reference_type":"","scores":[{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.91943","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.91904","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.91912","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.9192","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.91926","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.91939","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.91944","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07751","scoring_system":"epss","scoring_elements":"0.91947","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=515698","reference_id":"515698","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=515698"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2009-2412.json","reference_id":"CVE-2009-2412","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2009-2412.json"},{"reference_url":"https://security.gentoo.org/glsa/200909-03","reference_id":"GLSA-200909-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200909-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1204","reference_id":"RHSA-2009:1204","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1204"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1205","reference_id":"RHSA-2009:1205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1462","reference_id":"RHSA-2009:1462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1462"},{"reference_url":"https://usn.ubuntu.com/813-1/","reference_id":"USN-813-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/813-1/"},{"reference_url":"https://usn.ubuntu.com/813-2/","reference_id":"USN-813-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/813-2/"},{"reference_url":"https://usn.ubuntu.com/813-3/","reference_id":"USN-813-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/813-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050659?format=json","purl":"pkg:deb/debian/apr@1.4.2-6%2Bsqueeze4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29bh-jatc-73ad"},{"vulnerability":"VCID-3cea-3rkm-r7gs"},{"vulnerability":"VCID-3qre-qddd-eqgk"},{"vulnerability":"VCID-jdxe-krj9-8kax"},{"vulnerability":"VCID-qebd-7szr-y7cx"},{"vulnerability":"VCID-xz52-5z1u-cuf9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.4.2-6%252Bsqueeze4"}],"aliases":["CVE-2009-2412"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umuk-3n1q-3qet"}],"risk_score":"9.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.4.2-6%252Bsqueeze4"}