{"url":"http://public2.vulnerablecode.io/api/packages/130442?format=json","purl":"pkg:rpm/redhat/httpd@2.0.46-40?arch=ent","type":"rpm","namespace":"redhat","name":"httpd","version":"2.0.46-40","qualifiers":{"arch":"ent"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3674?format=json","vulnerability_id":"VCID-76s2-26cr-syd1","summary":"An issue was discovered in the mod_dav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK requests. This issue does not allow execution of arbitrary code. and will only result in a denial of service where a threaded process model is in use.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0809.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0809","reference_id":"","reference_type":"","scores":[{"value":"0.14022","scoring_system":"epss","scoring_elements":"0.9434","published_at":"2026-04-13T12:55:00Z"},{"value":"0.14022","scoring_system":"epss","scoring_elements":"0.94299","published_at":"2026-04-01T12:55:00Z"},{"value":"0.14022","scoring_system":"epss","scoring_elements":"0.94308","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14022","scoring_system":"epss","scoring_elements":"0.9432","published_at":"2026-04-04T12:55:00Z"},{"value":"0.14022","scoring_system":"epss","scoring_elements":"0.94321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14022","scoring_system":"epss","scoring_elements":"0.9433","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14022","scoring_system":"epss","scoring_elements":"0.94335","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14022","scoring_system":"epss","scoring_elements":"0.94338","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617299","reference_id":"1617299","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617299"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2004-0809.json","reference_id":"CVE-2004-0809","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2004-0809.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:463","reference_id":"RHSA-2004:463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:463"}],"fixed_packages":[],"aliases":["CVE-2004-0809"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76s2-26cr-syd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3672?format=json","vulnerability_id":"VCID-f8n9-ampd-yyah","summary":"An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue is not believed to allow execution of arbitrary code and will only result in a denial of service where a threaded process model is in use.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0751.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0751","reference_id":"","reference_type":"","scores":[{"value":"0.47686","scoring_system":"epss","scoring_elements":"0.97706","published_at":"2026-04-13T12:55:00Z"},{"value":"0.47686","scoring_system":"epss","scoring_elements":"0.97684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.47686","scoring_system":"epss","scoring_elements":"0.97691","published_at":"2026-04-02T12:55:00Z"},{"value":"0.47686","scoring_system":"epss","scoring_elements":"0.97692","published_at":"2026-04-07T12:55:00Z"},{"value":"0.47686","scoring_system":"epss","scoring_elements":"0.97697","published_at":"2026-04-08T12:55:00Z"},{"value":"0.47686","scoring_system":"epss","scoring_elements":"0.977","published_at":"2026-04-09T12:55:00Z"},{"value":"0.47686","scoring_system":"epss","scoring_elements":"0.97703","published_at":"2026-04-11T12:55:00Z"},{"value":"0.47686","scoring_system":"epss","scoring_elements":"0.97705","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617264","reference_id":"1617264","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617264"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2004-0751.json","reference_id":"CVE-2004-0751","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2004-0751.json"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/24590.txt","reference_id":"CVE-2004-0751;OSVDB-9742","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/24590.txt"},{"reference_url":"https://www.securityfocus.com/bid/11154/info","reference_id":"CVE-2004-0751;OSVDB-9742","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/11154/info"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:463","reference_id":"RHSA-2004:463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:463"}],"fixed_packages":[],"aliases":["CVE-2004-0751"],"risk_score":4.2,"exploitability":"2.0","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8n9-ampd-yyah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3670?format=json","vulnerability_id":"VCID-fq9j-uewn-q7h7","summary":"A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0747.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0747","reference_id":"","reference_type":"","scores":[{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80669","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80639","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80647","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80705","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80719","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80702","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80692","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01437","scoring_system":"epss","scoring_elements":"0.80664","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0747"},{"reference_url":"http://www.trustix.org/errata/2004/0047/","reference_id":"0047","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://www.trustix.org/errata/2004/0047/"},{"reference_url":"http://www.vupen.com/english/advisories/2009/1233","reference_id":"1233","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://www.vupen.com/english/advisories/2009/1233"},{"reference_url":"http://secunia.com/advisories/12540","reference_id":"12540","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://secunia.com/advisories/12540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617261","reference_id":"1617261","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617261"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17384","reference_id":"17384","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17384"},{"reference_url":"http://www.novell.com/linux/security/advisories/2004_32_apache2.html","reference_id":"2004_32_apache2.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://www.novell.com/linux/security/advisories/2004_32_apache2.html"},{"reference_url":"http://secunia.com/advisories/34920","reference_id":"34920","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://secunia.com/advisories/34920"},{"reference_url":"http://www.kb.cert.org/vuls/id/481998","reference_id":"481998","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://www.kb.cert.org/vuls/id/481998"},{"reference_url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096","reference_id":"advisory.php?name=MDKSA-2004:096","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2004-0747.json","reference_id":"CVE-2004-0747","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2004-0747.json"},{"reference_url":"http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml","reference_id":"glsa-200409-21.xml","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml"},{"reference_url":"http://securitytracker.com/id?1011303","reference_id":"id?1011303","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://securitytracker.com/id?1011303"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11561","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A11561","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11561"},{"reference_url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147","reference_id":"phpsupcontent?contentID=205147","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:463","reference_id":"RHSA-2004:463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:463"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2004-463.html","reference_id":"RHSA-2004-463.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-05T21:31:51Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2004-463.html"}],"fixed_packages":[],"aliases":["CVE-2004-0747"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fq9j-uewn-q7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3673?format=json","vulnerability_id":"VCID-g1jc-8vza-u3ad","summary":"Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child process could be made to crash. One some BSD systems it is believed this flaw may be able to lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0786.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0786","reference_id":"","reference_type":"","scores":[{"value":"0.48362","scoring_system":"epss","scoring_elements":"0.97742","published_at":"2026-04-13T12:55:00Z"},{"value":"0.48362","scoring_system":"epss","scoring_elements":"0.97719","published_at":"2026-04-01T12:55:00Z"},{"value":"0.48362","scoring_system":"epss","scoring_elements":"0.97726","published_at":"2026-04-02T12:55:00Z"},{"value":"0.48362","scoring_system":"epss","scoring_elements":"0.97728","published_at":"2026-04-07T12:55:00Z"},{"value":"0.48362","scoring_system":"epss","scoring_elements":"0.97733","published_at":"2026-04-08T12:55:00Z"},{"value":"0.48362","scoring_system":"epss","scoring_elements":"0.97736","published_at":"2026-04-09T12:55:00Z"},{"value":"0.48362","scoring_system":"epss","scoring_elements":"0.97739","published_at":"2026-04-11T12:55:00Z"},{"value":"0.48362","scoring_system":"epss","scoring_elements":"0.97741","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0786"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617289","reference_id":"1617289","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2004-0786.json","reference_id":"CVE-2004-0786","reference_type":"","scores":[{"value":"critical","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2004-0786.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:463","reference_id":"RHSA-2004:463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:463"}],"fixed_packages":[],"aliases":["CVE-2004-0786"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g1jc-8vza-u3ad"}],"fixing_vulnerabilities":[],"risk_score":"4.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.0.46-40%3Farch=ent"}