{"url":"http://public2.vulnerablecode.io/api/packages/400449?format=json","purl":"pkg:apk/alpine/apache2@2.4.33-r0?arch=armhf&distroversion=v3.10&reponame=main","type":"apk","namespace":"alpine","name":"apache2","version":"2.4.33-r0","qualifiers":{"arch":"armhf","distroversion":"v3.10","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.34-r0","latest_non_vulnerable_version":"2.4.48-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3778?format=json","vulnerability_id":"VCID-9qdr-1v39-d7b7","summary":"When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283","reference_id":"","reference_type":"","scores":[{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87263","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87316","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87326","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.8732","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87289","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87287","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03348","scoring_system":"epss","scoring_elements":"0.87306","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395","reference_id":"1560395","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560395"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1283.json","reference_id":"CVE-2018-1283","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1283.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400449?format=json","purl":"pkg:apk/alpine/apache2@2.4.33-r0?arch=armhf&distroversion=v3.10&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.33-r0%3Farch=armhf&distroversion=v3.10&reponame=main"}],"aliases":["CVE-2018-1283"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3780?format=json","vulnerability_id":"VCID-apfh-r85v-dbhz","summary":"When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1302","reference_id":"","reference_type":"","scores":[{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93766","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93806","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93801","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93805","published_at":"2026-04-11T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93776","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93785","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12125","scoring_system":"epss","scoring_elements":"0.93789","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560625","reference_id":"1560625","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560625"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1302.json","reference_id":"CVE-2018-1302","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1302.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://usn.ubuntu.com/3783-1/","reference_id":"USN-3783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400449?format=json","purl":"pkg:apk/alpine/apache2@2.4.33-r0?arch=armhf&distroversion=v3.10&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.33-r0%3Farch=armhf&distroversion=v3.10&reponame=main"}],"aliases":["CVE-2018-1302"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3782?format=json","vulnerability_id":"VCID-fqem-96w3-rucb","summary":"When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312","reference_id":"","reference_type":"","scores":[{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91622","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91663","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91664","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91667","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91642","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0728","scoring_system":"epss","scoring_elements":"0.91655","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634","reference_id":"1560634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560634"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1312.json","reference_id":"CVE-2018-1312","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1312.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1898","reference_id":"RHSA-2019:1898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1898"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400449?format=json","purl":"pkg:apk/alpine/apache2@2.4.33-r0?arch=armhf&distroversion=v3.10&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.33-r0%3Farch=armhf&distroversion=v3.10&reponame=main"}],"aliases":["CVE-2018-1312"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3779?format=json","vulnerability_id":"VCID-jzuw-73df-mfff","summary":"A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301","reference_id":"","reference_type":"","scores":[{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91755","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91798","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.918","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9177","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.91777","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07499","scoring_system":"epss","scoring_elements":"0.9179","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643","reference_id":"1560643","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560643"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1301.json","reference_id":"CVE-2018-1301","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1301.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400449?format=json","purl":"pkg:apk/alpine/apache2@2.4.33-r0?arch=armhf&distroversion=v3.10&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.33-r0%3Farch=armhf&distroversion=v3.10&reponame=main"}],"aliases":["CVE-2018-1301"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3777?format=json","vulnerability_id":"VCID-q5wm-suxb-jfeb","summary":"The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715","reference_id":"","reference_type":"","scores":[{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99909","published_at":"2026-04-13T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99907","published_at":"2026-04-08T12:55:00Z"},{"value":"0.94103","scoring_system":"epss","scoring_elements":"0.99908","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614","reference_id":"1560614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560614"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15715.json","reference_id":"CVE-2017-15715","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15715.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400449?format=json","purl":"pkg:apk/alpine/apache2@2.4.33-r0?arch=armhf&distroversion=v3.10&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.33-r0%3Farch=armhf&distroversion=v3.10&reponame=main"}],"aliases":["CVE-2017-15715"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3781?format=json","vulnerability_id":"VCID-scf1-zmu7-e3b2","summary":"A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303","reference_id":"","reference_type":"","scores":[{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97315","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97337","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97321","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-04T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97326","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40137","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399","reference_id":"1560399","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560399"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-1303.json","reference_id":"CVE-2018-1303","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-1303.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400449?format=json","purl":"pkg:apk/alpine/apache2@2.4.33-r0?arch=armhf&distroversion=v3.10&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.33-r0%3Farch=armhf&distroversion=v3.10&reponame=main"}],"aliases":["CVE-2018-1303"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3776?format=json","vulnerability_id":"VCID-zc2p-sfu7-jkhc","summary":"mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710","reference_id":"","reference_type":"","scores":[{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92105","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92097","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.921","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92104","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92072","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.9208","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08002","scoring_system":"epss","scoring_elements":"0.92085","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599","reference_id":"1560599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1560599"},{"reference_url":"https://security.archlinux.org/ASA-201804-4","reference_id":"ASA-201804-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201804-4"},{"reference_url":"https://security.archlinux.org/AVG-664","reference_id":"AVG-664","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-664"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-15710.json","reference_id":"CVE-2017-15710","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-15710.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0366","reference_id":"RHSA-2019:0366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0367","reference_id":"RHSA-2019:0367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://usn.ubuntu.com/3627-1/","reference_id":"USN-3627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-1/"},{"reference_url":"https://usn.ubuntu.com/3627-2/","reference_id":"USN-3627-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3627-2/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/400449?format=json","purl":"pkg:apk/alpine/apache2@2.4.33-r0?arch=armhf&distroversion=v3.10&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.33-r0%3Farch=armhf&distroversion=v3.10&reponame=main"}],"aliases":["CVE-2017-15710"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apache2@2.4.33-r0%3Farch=armhf&distroversion=v3.10&reponame=main"}