{"url":"http://public2.vulnerablecode.io/api/packages/107265?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs?arch=el6","type":"rpm","namespace":"redhat","name":"jbcs-httpd24-httpd","version":"2.4.29-35.jbcs","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73598?format=json","vulnerability_id":"VCID-43bm-gb6c-9ugb","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11759.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11759.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11759","reference_id":"","reference_type":"","scores":[{"value":"0.94254","scoring_system":"epss","scoring_elements":"0.99932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.94254","scoring_system":"epss","scoring_elements":"0.99933","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11759"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1645589","reference_id":"1645589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1645589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"}],"fixed_packages":[],"aliases":["CVE-2018-11759"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43bm-gb6c-9ugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3778?format=json","vulnerability_id":"VCID-9qdr-1v39-d7b7","summary":"When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283","reference_id":"","reference_type":"","scores":[{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87263","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87316","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87326","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.8732","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87306","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395","reference_id":"1560395","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1283.json","reference_id":"CVE-2018-1283","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1283.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[],"aliases":["CVE-2018-1283"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3783?format=json","vulnerability_id":"VCID-9vzm-qtye-ufh2","summary":"By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3558","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3558"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1333","reference_id":"","reference_type":"","scores":[{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92958","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92987","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.9297","published_at":"2026-04-07T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92988","published_at":"2026-04-11T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92986","published_at":"2026-04-12T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92967","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09859","scoring_system":"epss","scoring_elements":"0.92971","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0007/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0007/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securitytracker.com/id/1041402","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605048","reference_id":"1605048","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1605048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106","reference_id":"904106","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106"},{"reference_url":"https://security.archlinux.org/ASA-201807-12","reference_id":"ASA-201807-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201807-12"},{"reference_url":"https://security.archlinux.org/AVG-736","reference_id":"AVG-736","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-736"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1333.json","reference_id":"CVE-2018-1333","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1333.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1333","reference_id":"CVE-2018-1333","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://usn.ubuntu.com/3783-1/","reference_id":"USN-3783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3783-1/"}],"fixed_packages":[],"aliases":["CVE-2018-1333"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3780?format=json","vulnerability_id":"VCID-apfh-r85v-dbhz","summary":"When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1302","reference_id":"","reference_type":"","scores":[{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93766","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93806","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93801","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93805","published_at":"2026-04-11T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93776","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93785","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93789","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560625","reference_id":"1560625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560625"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1302.json","reference_id":"CVE-2018-1302","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1302.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://usn.ubuntu.com/3783-1/","reference_id":"USN-3783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3783-1/"}],"fixed_packages":[],"aliases":["CVE-2018-1302"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3785?format=json","vulnerability_id":"VCID-e3jc-83a7-8uhh","summary":"By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11763.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11763.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11763","reference_id":"","reference_type":"","scores":[{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95033","published_at":"2026-04-01T12:55:00Z"},{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95068","published_at":"2026-04-13T12:55:00Z"},{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95064","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95065","published_at":"2026-04-12T12:55:00Z"},{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95044","published_at":"2026-04-02T12:55:00Z"},{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95045","published_at":"2026-04-04T12:55:00Z"},{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95047","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95055","published_at":"2026-04-08T12:55:00Z"},{"value":"0.17401","scoring_system":"epss","scoring_elements":"0.95058","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11763"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633399","reference_id":"1633399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1633399"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909591","reference_id":"909591","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909591"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-11763.json","reference_id":"CVE-2018-11763","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-11763.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://usn.ubuntu.com/3783-1/","reference_id":"USN-3783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3783-1/"}],"fixed_packages":[],"aliases":["CVE-2018-11763"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3jc-83a7-8uhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3782?format=json","vulnerability_id":"VCID-fqem-96w3-rucb","summary":"When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312","reference_id":"","reference_type":"","scores":[{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91622","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91663","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91664","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91667","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91642","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91655","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634","reference_id":"1560634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1312.json","reference_id":"CVE-2018-1312","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1312.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1898","reference_id":"RHSA-2019:1898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1898"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[],"aliases":["CVE-2018-1312"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83546?format=json","vulnerability_id":"VCID-gcuf-2uct-ykcu","summary":"nghttp2: Null pointer dereference when too large ALTSVC frame is received","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000168.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000168","reference_id":"","reference_type":"","scores":[{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87347","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87293","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87303","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87319","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87318","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87337","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87356","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0336","scoring_system":"epss","scoring_elements":"0.87351","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000168"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"},{"reference_url":"https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/"}],"url":"https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/"}],"url":"https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"},{"reference_url":"http://www.securityfocus.com/bid/103952","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/"}],"url":"http://www.securityfocus.com/bid/103952"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1565035","reference_id":"1565035","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1565035"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895566","reference_id":"895566","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895566"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000168","reference_id":"CVE-2018-1000168","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:47:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:0367"}],"fixed_packages":[],"aliases":["CVE-2018-1000168"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcuf-2uct-ykcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3779?format=json","vulnerability_id":"VCID-jzuw-73df-mfff","summary":"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301","reference_id":"","reference_type":"","scores":[{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91755","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.918","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91777","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9179","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643","reference_id":"1560643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1301.json","reference_id":"CVE-2018-1301","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1301.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[],"aliases":["CVE-2018-1301"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3777?format=json","vulnerability_id":"VCID-q5wm-suxb-jfeb","summary":"The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715","reference_id":"","reference_type":"","scores":[{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99909","published_at":"2026-04-13T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99908","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614","reference_id":"1560614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15715.json","reference_id":"CVE-2017-15715","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15715.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[],"aliases":["CVE-2017-15715"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3781?format=json","vulnerability_id":"VCID-scf1-zmu7-e3b2","summary":"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303","reference_id":"","reference_type":"","scores":[{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97315","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97337","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97321","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97326","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399","reference_id":"1560399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1303.json","reference_id":"CVE-2018-1303","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1303.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[],"aliases":["CVE-2018-1303"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47324?format=json","vulnerability_id":"VCID-ut4t-h9gc-cyds","summary":"Multiple vulnerabilities have been found in Dropbear, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0739.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0739","reference_id":"","reference_type":"","scores":[{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94394","published_at":"2026-04-01T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94431","published_at":"2026-04-11T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94432","published_at":"2026-04-12T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94413","published_at":"2026-04-04T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94424","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94428","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561266","reference_id":"1561266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561266"},{"reference_url":"https://security.archlinux.org/ASA-201804-2","reference_id":"ASA-201804-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-2"},{"reference_url":"https://security.archlinux.org/AVG-540","reference_id":"AVG-540","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-540"},{"reference_url":"https://security.gentoo.org/glsa/201811-21","reference_id":"GLSA-201811-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-21"},{"reference_url":"https://security.gentoo.org/glsa/202007-53","reference_id":"GLSA-202007-53","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-53"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3090","reference_id":"RHSA-2018:3090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3221","reference_id":"RHSA-2018:3221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1711","reference_id":"RHSA-2019:1711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1711"},{"reference_url":"https://usn.ubuntu.com/3611-1/","reference_id":"USN-3611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3611-1/"},{"reference_url":"https://usn.ubuntu.com/3611-2/","reference_id":"USN-3611-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3611-2/"}],"fixed_packages":[],"aliases":["CVE-2018-0739"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ut4t-h9gc-cyds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3776?format=json","vulnerability_id":"VCID-zc2p-sfu7-jkhc","summary":"mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710","reference_id":"","reference_type":"","scores":[{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92097","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.921","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92104","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.9208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92085","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599","reference_id":"1560599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15710.json","reference_id":"CVE-2017-15710","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15710.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[],"aliases":["CVE-2017-15710"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs%3Farch=el6"}