Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/httpd@2.4.6-93?arch=el7

Type rpm

Namespace redhat

Name httpd

Version 2.4.6-93

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-ct26-19cq-8kd7

vulnerability_id

VCID-ct26-19cq-8kd7

summary

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17199

reference_id

reference_type

scores

value	0.10459
scoring_system	epss
scoring_elements	0.93208
published_at	2026-04-01T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93236
published_at	2026-04-13T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.9322
published_at	2026-04-07T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93228
published_at	2026-04-08T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93233
published_at	2026-04-09T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93237
published_at	2026-04-11T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93234
published_at	2026-04-12T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93217
published_at	2026-04-02T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93222
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html

reference_url	https://seclists.org/bugtraq/2019/Apr/5
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Apr/5

reference_url	https://security.gentoo.org/glsa/201903-21
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201903-21

reference_url	https://security.netapp.com/advisory/ntap-20190125-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190125-0001/

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

reference_url	https://www.debian.org/security/2019/dsa-4422
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4422

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://www.tenable.com/security/tns-2019-09
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2019-09

reference_url	http://www.securityfocus.com/bid/106742
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106742

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1668493
reference_id	1668493
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1668493

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303
reference_id	920303
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303

reference_url	https://security.archlinux.org/ASA-201901-14
reference_id	ASA-201901-14
reference_type
scores
url	https://security.archlinux.org/ASA-201901-14

reference_url

https://security.archlinux.org/AVG-857

reference_id

AVG-857

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-857

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*
reference_id	cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_id	cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://httpd.apache.org/security/json/CVE-2018-17199.json

reference_id

CVE-2018-17199

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-17199.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17199

reference_id

CVE-2018-17199

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17199

reference_url	https://access.redhat.com/errata/RHSA-2019:3932
reference_id	RHSA-2019:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3932

reference_url	https://access.redhat.com/errata/RHSA-2019:3933
reference_id	RHSA-2019:3933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3933

reference_url	https://access.redhat.com/errata/RHSA-2019:3935
reference_id	RHSA-2019:3935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3935

reference_url	https://access.redhat.com/errata/RHSA-2019:4126
reference_id	RHSA-2019:4126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4126

reference_url	https://access.redhat.com/errata/RHSA-2020:1121
reference_id	RHSA-2020:1121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1121

reference_url	https://access.redhat.com/errata/RHSA-2021:1809
reference_id	RHSA-2021:1809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1809

reference_url	https://usn.ubuntu.com/3937-1/
reference_id	USN-3937-1
reference_type
scores
url	https://usn.ubuntu.com/3937-1/

fixed_packages

aliases

CVE-2018-17199

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7

url

VCID-jzuw-73df-mfff

vulnerability_id

VCID-jzuw-73df-mfff

summary

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1301

reference_id

reference_type

scores

value	0.07499
scoring_system	epss
scoring_elements	0.91755
published_at	2026-04-01T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91798
published_at	2026-04-13T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91797
published_at	2026-04-09T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.918
published_at	2026-04-11T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91802
published_at	2026-04-12T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91764
published_at	2026-04-02T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.9177
published_at	2026-04-04T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91777
published_at	2026-04-07T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.9179
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560643
reference_id	1560643
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560643

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

https://security.archlinux.org/AVG-664

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-664

reference_url

https://httpd.apache.org/security/json/CVE-2018-1301.json

reference_id

CVE-2018-1301

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1301.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://access.redhat.com/errata/RHSA-2020:1121
reference_id	RHSA-2020:1121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1121

reference_url	https://usn.ubuntu.com/3627-1/
reference_id	USN-3627-1
reference_type
scores
url	https://usn.ubuntu.com/3627-1/

reference_url	https://usn.ubuntu.com/3627-2/
reference_id	USN-3627-2
reference_type
scores
url	https://usn.ubuntu.com/3627-2/

reference_url	https://usn.ubuntu.com/3937-2/
reference_id	USN-3937-2
reference_type
scores
url	https://usn.ubuntu.com/3937-2/

fixed_packages

aliases

CVE-2018-1301

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff

url

VCID-zc2p-sfu7-jkhc

vulnerability_id

VCID-zc2p-sfu7-jkhc

summary

mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15710

reference_id

reference_type

scores

value	0.08002
scoring_system	epss
scoring_elements	0.92065
published_at	2026-04-01T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92105
published_at	2026-04-12T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92097
published_at	2026-04-08T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.921
published_at	2026-04-13T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92104
published_at	2026-04-11T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92072
published_at	2026-04-02T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.9208
published_at	2026-04-04T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92085
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560599
reference_id	1560599
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560599

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

https://security.archlinux.org/AVG-664

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-664

reference_url

https://httpd.apache.org/security/json/CVE-2017-15710.json

reference_id

CVE-2017-15710

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-15710.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://access.redhat.com/errata/RHSA-2020:1121
reference_id	RHSA-2020:1121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1121

reference_url	https://usn.ubuntu.com/3627-1/
reference_id	USN-3627-1
reference_type
scores
url	https://usn.ubuntu.com/3627-1/

reference_url	https://usn.ubuntu.com/3627-2/
reference_id	USN-3627-2
reference_type
scores
url	https://usn.ubuntu.com/3627-2/

reference_url	https://usn.ubuntu.com/3937-2/
reference_id	USN-3937-2
reference_type
scores
url	https://usn.ubuntu.com/3937-2/

fixed_packages

aliases

CVE-2017-15710

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.4.6-93%3Farch=el7

Package Instance