{"url":"http://public2.vulnerablecode.io/api/packages/128159?format=json","purl":"pkg:rpm/redhat/php@4.3.9-3?arch=29","type":"rpm","namespace":"redhat","name":"php","version":"4.3.9-3","qualifiers":{"arch":"29"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61324?format=json","vulnerability_id":"VCID-3mtj-3s5r-jqf4","summary":"Multiple vulnerabilities were found in PHP, the worst of which leading to\n    the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3291.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3291","reference_id":"","reference_type":"","scores":[{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84398","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84418","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84421","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84447","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84466","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.8446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84455","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84477","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84478","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.8448","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84516","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.8452","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84537","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84563","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.8458","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84577","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84594","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84624","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84634","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3291"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=524228","reference_id":"524228","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=524228"},{"reference_url":"https://security.gentoo.org/glsa/201001-03","reference_id":"GLSA-201001-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201001-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0040","reference_id":"RHSA-2010:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0040"},{"reference_url":"https://usn.ubuntu.com/862-1/","reference_id":"USN-862-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/862-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3291"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mtj-3s5r-jqf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41480?format=json","vulnerability_id":"VCID-4ehv-84qa-fubx","summary":"The GD library is prone to a buffer overflow vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3546.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3546.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3546","reference_id":"","reference_type":"","scores":[{"value":"0.04125","scoring_system":"epss","scoring_elements":"0.8858","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04125","scoring_system":"epss","scoring_elements":"0.88589","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04125","scoring_system":"epss","scoring_elements":"0.88606","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04125","scoring_system":"epss","scoring_elements":"0.88608","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04125","scoring_system":"epss","scoring_elements":"0.88627","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04125","scoring_system":"epss","scoring_elements":"0.88631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04125","scoring_system":"epss","scoring_elements":"0.88643","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89352","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89361","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.8938","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89392","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89391","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89401","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89423","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89433","published_at":"2026-05-15T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89319","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89332","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89331","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89327","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89345","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=529213","reference_id":"529213","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=529213"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552534","reference_id":"552534","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552534"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525","reference_id":"601525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525"},{"reference_url":"https://security.archlinux.org/ASA-201701-1","reference_id":"ASA-201701-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-1"},{"reference_url":"https://security.archlinux.org/AVG-16","reference_id":"AVG-16","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-16"},{"reference_url":"https://security.gentoo.org/glsa/201001-03","reference_id":"GLSA-201001-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201001-03"},{"reference_url":"https://security.gentoo.org/glsa/201006-16","reference_id":"GLSA-201006-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0003","reference_id":"RHSA-2010:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0040","reference_id":"RHSA-2010:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0040"},{"reference_url":"https://usn.ubuntu.com/854-1/","reference_id":"USN-854-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/854-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3546"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ehv-84qa-fubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61330?format=json","vulnerability_id":"VCID-cj5p-bytf-pqfw","summary":"Multiple vulnerabilities were found in PHP, the worst of which leading to\n    the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4142.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4142","reference_id":"","reference_type":"","scores":[{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94938","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94947","published_at":"2026-04-02T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94949","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94951","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94959","published_at":"2026-04-08T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94963","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94969","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94972","published_at":"2026-04-13T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.9498","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94987","published_at":"2026-04-26T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94988","published_at":"2026-04-29T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.94995","published_at":"2026-05-05T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.95002","published_at":"2026-05-07T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.9501","published_at":"2026-05-09T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.95015","published_at":"2026-05-11T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.9502","published_at":"2026-05-12T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.95031","published_at":"2026-05-14T12:55:00Z"},{"value":"0.16946","scoring_system":"epss","scoring_elements":"0.95033","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4142"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=548516","reference_id":"548516","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=548516"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/33414.php","reference_id":"CVE-2009-4142;OSVDB-61209","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/33414.php"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/33415.php","reference_id":"CVE-2009-4142;OSVDB-61209","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/33415.php"},{"reference_url":"https://www.securityfocus.com/bid/37389/info","reference_id":"CVE-2009-4142;OSVDB-61209","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/37389/info"},{"reference_url":"https://security.gentoo.org/glsa/201001-03","reference_id":"GLSA-201001-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201001-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0040","reference_id":"RHSA-2010:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0040"},{"reference_url":"https://usn.ubuntu.com/882-1/","reference_id":"USN-882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/882-1/"}],"fixed_packages":[],"aliases":["CVE-2009-4142"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj5p-bytf-pqfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61325?format=json","vulnerability_id":"VCID-nzc1-7c19-3qa3","summary":"Multiple vulnerabilities were found in PHP, the worst of which leading to\n    the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3292.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3292.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3292","reference_id":"","reference_type":"","scores":[{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.8773","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87754","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87777","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87784","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87795","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.8779","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87788","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87802","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87801","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87799","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87816","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87822","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87819","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87833","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87847","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87865","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87861","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87874","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87907","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03611","scoring_system":"epss","scoring_elements":"0.87914","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3292"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=524222","reference_id":"524222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=524222"},{"reference_url":"https://security.gentoo.org/glsa/201001-03","reference_id":"GLSA-201001-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201001-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0040","reference_id":"RHSA-2010:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0040"},{"reference_url":"https://usn.ubuntu.com/862-1/","reference_id":"USN-862-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/862-1/"}],"fixed_packages":[],"aliases":["CVE-2009-3292"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzc1-7c19-3qa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61323?format=json","vulnerability_id":"VCID-pxje-hj73-k7d8","summary":"Multiple vulnerabilities were found in PHP, the worst of which leading to\n    the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2687.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2687","reference_id":"","reference_type":"","scores":[{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93651","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93661","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.9367","published_at":"2026-04-04T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93672","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.9368","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93687","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93688","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93705","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93712","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93715","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.9372","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93717","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93723","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93734","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93743","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93745","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.9375","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93763","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11713","scoring_system":"epss","scoring_elements":"0.93769","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2687"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=506896","reference_id":"506896","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=506896"},{"reference_url":"https://security.gentoo.org/glsa/201001-03","reference_id":"GLSA-201001-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201001-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0040","reference_id":"RHSA-2010:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0040"},{"reference_url":"https://usn.ubuntu.com/824-1/","reference_id":"USN-824-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/824-1/"}],"fixed_packages":[],"aliases":["CVE-2009-2687"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pxje-hj73-k7d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61329?format=json","vulnerability_id":"VCID-xkkh-8crx-ffgg","summary":"Multiple vulnerabilities were found in PHP, the worst of which leading to\n    the remote execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4017.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4017","reference_id":"","reference_type":"","scores":[{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.806","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.80607","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.80629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.80623","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.8065","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.8066","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.80676","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.80663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.80655","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.8337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83371","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83372","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83396","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83403","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83404","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83428","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.8345","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83469","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.8347","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83487","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83522","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01918","scoring_system":"epss","scoring_elements":"0.83533","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=540459","reference_id":"540459","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=540459"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/10242.py","reference_id":"CVE-2009-4017;OSVDB-60451","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/dos/10242.py"},{"reference_url":"https://security.gentoo.org/glsa/201001-03","reference_id":"GLSA-201001-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201001-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0040","reference_id":"RHSA-2010:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0040"},{"reference_url":"https://usn.ubuntu.com/862-1/","reference_id":"USN-862-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/862-1/"}],"fixed_packages":[],"aliases":["CVE-2009-4017"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkkh-8crx-ffgg"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@4.3.9-3%3Farch=29"}