{"url":"http://public2.vulnerablecode.io/api/packages/127969?format=json","purl":"pkg:rpm/redhat/httpd@2.2.14-1.2.6.jdk6.ep5?arch=el5","type":"rpm","namespace":"redhat","name":"httpd","version":"2.2.14-1.2.6.jdk6.ep5","qualifiers":{"arch":"el5"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3719?format=json","vulnerability_id":"VCID-pdtf-5zv7-2qaf","summary":"mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0408.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0408","reference_id":"","reference_type":"","scores":[{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.9674","published_at":"2026-04-29T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96691","published_at":"2026-04-01T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96703","published_at":"2026-04-04T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96707","published_at":"2026-04-07T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.9672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96722","published_at":"2026-04-13T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96728","published_at":"2026-04-16T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96733","published_at":"2026-04-18T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96736","published_at":"2026-04-21T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96735","published_at":"2026-04-24T12:55:00Z"},{"value":"0.30734","scoring_system":"epss","scoring_elements":"0.96737","published_at":"2026-04-26T12:55:00Z"},{"value":"0.38788","scoring_system":"epss","scoring_elements":"0.97304","published_at":"2026-05-14T12:55:00Z"},{"value":"0.38788","scoring_system":"epss","scoring_elements":"0.97277","published_at":"2026-05-05T12:55:00Z"},{"value":"0.38788","scoring_system":"epss","scoring_elements":"0.97281","published_at":"2026-05-07T12:55:00Z"},{"value":"0.38788","scoring_system":"epss","scoring_elements":"0.97285","published_at":"2026-05-09T12:55:00Z"},{"value":"0.38788","scoring_system":"epss","scoring_elements":"0.97291","published_at":"2026-05-11T12:55:00Z"},{"value":"0.38788","scoring_system":"epss","scoring_elements":"0.97296","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=569905","reference_id":"569905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=569905"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2010-0408.json","reference_id":"CVE-2010-0408","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2010-0408.json"},{"reference_url":"https://security.gentoo.org/glsa/201206-25","reference_id":"GLSA-201206-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0168","reference_id":"RHSA-2010:0168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0396","reference_id":"RHSA-2010:0396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0396"},{"reference_url":"https://usn.ubuntu.com/908-1/","reference_id":"USN-908-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/908-1/"}],"fixed_packages":[],"aliases":["CVE-2010-0408"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdtf-5zv7-2qaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3721?format=json","vulnerability_id":"VCID-wycq-jwzz-q7hf","summary":"A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the input headers for a subrequest would poison the parent request in two ways, one by modifying the parent request, which might not be intended, and second by leaving pointers to modified header fields in memory allocated to the subrequest scope, which could be freed before the main request processing was finished, resulting in a segfault or in revealing data from another request on threaded servers, such as the worker or winnt MPMs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0434.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0434.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0434","reference_id":"","reference_type":"","scores":[{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85557","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85428","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.8544","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.8546","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85463","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85484","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85492","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85504","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85501","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85525","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85529","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85526","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02554","scoring_system":"epss","scoring_elements":"0.85548","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90203","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90149","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90159","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90175","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90187","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.90181","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0539","scoring_system":"epss","scoring_elements":"0.9019","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=570171","reference_id":"570171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=570171"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2010-0434.json","reference_id":"CVE-2010-0434","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2010-0434.json"},{"reference_url":"https://security.gentoo.org/glsa/201206-25","reference_id":"GLSA-201206-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0168","reference_id":"RHSA-2010:0168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0175","reference_id":"RHSA-2010:0175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0396","reference_id":"RHSA-2010:0396","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0396"},{"reference_url":"https://usn.ubuntu.com/908-1/","reference_id":"USN-908-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/908-1/"}],"fixed_packages":[],"aliases":["CVE-2010-0434"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wycq-jwzz-q7hf"}],"fixing_vulnerabilities":[],"risk_score":"2.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.2.14-1.2.6.jdk6.ep5%3Farch=el5"}