{"url":"http://public2.vulnerablecode.io/api/packages/535?format=json","purl":"pkg:apache/httpd@2.2.31","type":"apache","namespace":"","name":"httpd","version":"2.2.31","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.42","latest_non_vulnerable_version":"2.4.54","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3769?format=json","vulnerability_id":"VCID-1189-ej89-hybs","summary":"mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3169","reference_id":"","reference_type":"","scores":[{"value":"0.32699","scoring_system":"epss","scoring_elements":"0.96879","published_at":"2026-04-16T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.9698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96968","published_at":"2026-04-01T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96992","published_at":"2026-04-09T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96994","published_at":"2026-04-11T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96995","published_at":"2026-04-12T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.34517","scoring_system":"epss","scoring_elements":"0.96991","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463197","reference_id":"1463197","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463197"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-3169.json","reference_id":"CVE-2017-3169","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-3169.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/544?format=json","purl":"pkg:apache/httpd@2.2.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bej-9h7w-33c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.34"},{"url":"http://public2.vulnerablecode.io/api/packages/545?format=json","purl":"pkg:apache/httpd@2.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-khfr-kgtb-rfam"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26"}],"aliases":["CVE-2017-3169"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3765?format=json","vulnerability_id":"VCID-2xc4-7zg9-y7fw","summary":"HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the \"HTTP_PROXY\" variable from a \"Proxy:\" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1624.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1624.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1625.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1625.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1648.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1648.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1649.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1649.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1650.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1650.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1635","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1636","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1636"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5387","reference_id":"","reference_type":"","scores":[{"value":"0.41959","scoring_system":"epss","scoring_elements":"0.9741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.41959","scoring_system":"epss","scoring_elements":"0.97403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98284","published_at":"2026-04-16T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98269","published_at":"2026-04-07T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98274","published_at":"2026-04-09T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98278","published_at":"2026-04-13T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98268","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"https://httpoxy.org/","reference_id":"","reference_type":"","scores":[],"url":"https://httpoxy.org/"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"},{"reference_url":"https://support.apple.com/HT208221","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT208221"},{"reference_url":"https://www.apache.org/security/asf-httpoxy-response.txt","reference_id":"","reference_type":"","scores":[],"url":"https://www.apache.org/security/asf-httpoxy-response.txt"},{"reference_url":"https://www.tenable.com/security/tns-2017-04","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2017-04"},{"reference_url":"http://www.debian.org/security/2016/dsa-3623","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3623"},{"reference_url":"http://www.kb.cert.org/vuls/id/797896","reference_id":"","reference_type":"","scores":[],"url":"http://www.kb.cert.org/vuls/id/797896"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"reference_url":"http://www.securityfocus.com/bid/91816","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91816"},{"reference_url":"http://www.securitytracker.com/id/1036330","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036330"},{"reference_url":"http://www.ubuntu.com/usn/USN-3038-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3038-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353755","reference_id":"1353755","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353755"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_web_server:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_web_server:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_web_server:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2016-5387.json","reference_id":"CVE-2016-5387","reference_type":"","scores":[{"value":"n/a","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2016-5387.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5387","reference_id":"CVE-2016-5387","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5387"},{"reference_url":"https://security.gentoo.org/glsa/201701-36","reference_id":"GLSA-201701-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1420","reference_id":"RHSA-2016:1420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1421","reference_id":"RHSA-2016:1421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1422","reference_id":"RHSA-2016:1422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1625","reference_id":"RHSA-2016:1625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1648","reference_id":"RHSA-2016:1648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1649","reference_id":"RHSA-2016:1649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1650","reference_id":"RHSA-2016:1650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1851","reference_id":"RHSA-2016:1851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1851"},{"reference_url":"https://usn.ubuntu.com/3038-1/","reference_id":"USN-3038-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3038-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/543?format=json","purl":"pkg:apache/httpd@2.2.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-twj7-4qwm-2khv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.32"},{"url":"http://public2.vulnerablecode.io/api/packages/542?format=json","purl":"pkg:apache/httpd@2.4.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-twj7-4qwm-2khv"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wshe-gf99-tbg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25"}],"aliases":["CVE-2016-5387"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xc4-7zg9-y7fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3775?format=json","vulnerability_id":"VCID-5bej-9h7w-33c8","summary":"When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2017/09/18/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2017/09/18/2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3113","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3114","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3114"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9798","reference_id":"","reference_type":"","scores":[{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99862","published_at":"2026-04-01T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99865","published_at":"2026-04-16T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99864","published_at":"2026-04-12T12:55:00Z"},{"value":"0.9384","scoring_system":"epss","scoring_elements":"0.99863","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9798"},{"reference_url":"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"},{"reference_url":"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Sep/22","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2024/Sep/22"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a"},{"reference_url":"https://github.com/hannob/optionsbleed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hannob/optionsbleed"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180601-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180601-0003/"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2017-9798","reference_id":"","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2017-9798"},{"reference_url":"https://support.apple.com/HT208331","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT208331"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us"},{"reference_url":"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch","reference_id":"","reference_type":"","scores":[],"url":"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch"},{"reference_url":"https://www.exploit-db.com/exploits/42745/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/42745/"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.debian.org/security/2017/dsa-3980","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3980"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/100872","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100872"},{"reference_url":"http://www.securityfocus.com/bid/105598","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105598"},{"reference_url":"http://www.securitytracker.com/id/1039387","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039387"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490344","reference_id":"1490344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490344"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109","reference_id":"876109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109"},{"reference_url":"https://security.archlinux.org/ASA-201709-15","reference_id":"ASA-201709-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201709-15"},{"reference_url":"https://security.archlinux.org/AVG-404","reference_id":"AVG-404","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-404"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9798.json","reference_id":"CVE-2017-9798","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9798.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9798","reference_id":"CVE-2017-9798","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9798"},{"reference_url":"https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed","reference_id":"CVE-2017-9798;OPTIONSBLEED","reference_type":"exploit","scores":[],"url":"https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py","reference_id":"CVE-2017-9798;OPTIONSBLEED","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2882","reference_id":"RHSA-2017:2882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2972","reference_id":"RHSA-2017:2972","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2972"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3018","reference_id":"RHSA-2017:3018","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3018"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3239","reference_id":"RHSA-2017:3239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3240","reference_id":"RHSA-2017:3240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3240"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3425-1/","reference_id":"USN-3425-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3425-1/"},{"reference_url":"https://usn.ubuntu.com/3425-2/","reference_id":"USN-3425-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3425-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/547?format=json","purl":"pkg:apache/httpd@2.4.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.28"}],"aliases":["CVE-2017-9798"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3763?format=json","vulnerability_id":"VCID-8gcm-7q3n-q7bm","summary":"Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4975.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4975","reference_id":"","reference_type":"","scores":[{"value":"0.73272","scoring_system":"epss","scoring_elements":"0.98797","published_at":"2026-04-16T12:55:00Z"},{"value":"0.73272","scoring_system":"epss","scoring_elements":"0.98788","published_at":"2026-04-09T12:55:00Z"},{"value":"0.73272","scoring_system":"epss","scoring_elements":"0.98789","published_at":"2026-04-08T12:55:00Z"},{"value":"0.73272","scoring_system":"epss","scoring_elements":"0.98791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.73272","scoring_system":"epss","scoring_elements":"0.98792","published_at":"2026-04-12T12:55:00Z"},{"value":"0.73272","scoring_system":"epss","scoring_elements":"0.98793","published_at":"2026-04-13T12:55:00Z"},{"value":"0.75341","scoring_system":"epss","scoring_elements":"0.98876","published_at":"2026-04-01T12:55:00Z"},{"value":"0.75341","scoring_system":"epss","scoring_elements":"0.98878","published_at":"2026-04-02T12:55:00Z"},{"value":"0.75341","scoring_system":"epss","scoring_elements":"0.9888","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375968","reference_id":"1375968","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375968"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2016-4975.json","reference_id":"CVE-2016-4975","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2016-4975.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0906","reference_id":"RHSA-2017:0906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2185","reference_id":"RHSA-2018:2185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2186","reference_id":"RHSA-2018:2186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2186"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/543?format=json","purl":"pkg:apache/httpd@2.2.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-twj7-4qwm-2khv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.32"},{"url":"http://public2.vulnerablecode.io/api/packages/542?format=json","purl":"pkg:apache/httpd@2.4.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-twj7-4qwm-2khv"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wshe-gf99-tbg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25"}],"aliases":["CVE-2016-4975"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gcm-7q3n-q7bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3772?format=json","vulnerability_id":"VCID-fyrq-yg2u-jkc7","summary":"mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7679","reference_id":"","reference_type":"","scores":[{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96668","published_at":"2026-04-16T12:55:00Z"},{"value":"0.30062","scoring_system":"epss","scoring_elements":"0.96661","published_at":"2026-04-13T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96715","published_at":"2026-04-01T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.9673","published_at":"2026-04-07T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96738","published_at":"2026-04-08T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96739","published_at":"2026-04-09T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96742","published_at":"2026-04-12T12:55:00Z"},{"value":"0.31057","scoring_system":"epss","scoring_elements":"0.96725","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7679"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463207","reference_id":"1463207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463207"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-7679.json","reference_id":"CVE-2017-7679","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-7679.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/544?format=json","purl":"pkg:apache/httpd@2.2.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bej-9h7w-33c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.34"},{"url":"http://public2.vulnerablecode.io/api/packages/545?format=json","purl":"pkg:apache/httpd@2.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-khfr-kgtb-rfam"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26"}],"aliases":["CVE-2017-7679"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3773?format=json","vulnerability_id":"VCID-jt89-ruvk-1kbj","summary":"The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9788","reference_id":"","reference_type":"","scores":[{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97921","published_at":"2026-04-01T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.9795","published_at":"2026-04-16T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97941","published_at":"2026-04-11T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97942","published_at":"2026-04-12T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97944","published_at":"2026-04-13T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97924","published_at":"2026-04-02T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97926","published_at":"2026-04-04T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97929","published_at":"2026-04-07T12:55:00Z"},{"value":"0.52641","scoring_system":"epss","scoring_elements":"0.97934","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470748","reference_id":"1470748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467","reference_id":"868467","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467"},{"reference_url":"https://security.archlinux.org/ASA-201707-15","reference_id":"ASA-201707-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-15"},{"reference_url":"https://security.archlinux.org/AVG-350","reference_id":"AVG-350","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-350"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9788.json","reference_id":"CVE-2017-9788","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9788.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2708","reference_id":"RHSA-2017:2708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2709","reference_id":"RHSA-2017:2709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2710","reference_id":"RHSA-2017:2710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3239","reference_id":"RHSA-2017:3239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3240","reference_id":"RHSA-2017:3240","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3240"},{"reference_url":"https://usn.ubuntu.com/3370-1/","reference_id":"USN-3370-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3370-1/"},{"reference_url":"https://usn.ubuntu.com/3370-2/","reference_id":"USN-3370-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3370-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/544?format=json","purl":"pkg:apache/httpd@2.2.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bej-9h7w-33c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.34"},{"url":"http://public2.vulnerablecode.io/api/packages/546?format=json","purl":"pkg:apache/httpd@2.4.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.27"}],"aliases":["CVE-2017-9788"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3767?format=json","vulnerability_id":"VCID-pc2n-ga7g-byga","summary":"Apache HTTP Server, prior to release 2.4.25 (and 2.2.32), accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated as whitespace and remained in the request field member \"the_request\", while a bare CR in the request header field name would be honored as whitespace, and a bare CR in the request header field value was retained the input headers array. Implied additional whitespace was accepted in the request line and prior to the ':' delimiter of any request header lines.\nRFC7230 Section 3.5 calls out some of these whitespace exceptions, and section 3.2.3 eliminated and clarified the role of implied whitespace in the grammer of this specification. Section 3.1.1 requires exactly one single SP between the method and request-target, and between the request-target and HTTP-version, followed immediately by a CRLF sequence. None of these fields permit any (unencoded) CTL character whatsoever. Section 3.2.4 explicitly disallowed any whitespace from the request header field prior to the ':' character, while Section 3.2 disallows all CTL characters in the request header line other than the HTAB character as whitespace.\nThese defects represent a security concern when httpd is participating in any chain of proxies or interacting with back-end application servers, either through mod_proxy or using conventional CGI mechanisms. In each case where one agent accepts such CTL characters and does not treat them as whitespace, there is the possiblity in a proxy chain of generating two responses from a server behind the uncautious proxy agent. In a sequence of two requests, this results in request A to the first proxy being interpreted as requests A + A' by the backend server, and if requests A and B were submitted to the first proxy in a keepalive connection, the proxy may interpret response A' as the response to request B, polluting the cache or potentially serving the A' content to a different downstream user-agent.\nThese defects are addressed with the release of Apache HTTP Server 2.4.25 and coordinated by a new directive; HttpProtocolOptions Strict which is the default behavior of 2.4.25 and later.\nBy toggling from 'Strict' behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow some invalid HTTP/1.1 clients to communicate with the server, but this will reintroduce the possibility of the problems described in this assessment. Note that relaxing the behavior to 'Unsafe' will still not permit raw CTLs other than HTAB (where permitted), but will allow other RFC requirements to not be enforced, such as exactly two SP characters in the request line.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8743","reference_id":"","reference_type":"","scores":[{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92291","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.9234","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92328","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.9233","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92298","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92304","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92318","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92322","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406822","reference_id":"1406822","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406822"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2016-8743.json","reference_id":"CVE-2016-8743","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2016-8743.json"},{"reference_url":"https://security.gentoo.org/glsa/201701-36","reference_id":"GLSA-201701-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0906","reference_id":"RHSA-2017:0906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1161","reference_id":"RHSA-2017:1161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1413","reference_id":"RHSA-2017:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1414","reference_id":"RHSA-2017:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1415","reference_id":"RHSA-2017:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1721","reference_id":"RHSA-2017:1721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1721"},{"reference_url":"https://usn.ubuntu.com/3279-1/","reference_id":"USN-3279-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3279-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/543?format=json","purl":"pkg:apache/httpd@2.2.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-twj7-4qwm-2khv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.32"},{"url":"http://public2.vulnerablecode.io/api/packages/542?format=json","purl":"pkg:apache/httpd@2.4.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-twj7-4qwm-2khv"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wshe-gf99-tbg6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25"}],"aliases":["CVE-2016-8743"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pc2n-ga7g-byga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3768?format=json","vulnerability_id":"VCID-qayj-kts9-3fde","summary":"Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3167","reference_id":"","reference_type":"","scores":[{"value":"0.09566","scoring_system":"epss","scoring_elements":"0.92873","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93162","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93187","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.9319","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93191","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93174","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10349","scoring_system":"epss","scoring_elements":"0.93183","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463194","reference_id":"1463194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463194"},{"reference_url":"https://security.archlinux.org/ASA-201706-34","reference_id":"ASA-201706-34","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-34"},{"reference_url":"https://security.archlinux.org/AVG-316","reference_id":"AVG-316","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-316"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-3167.json","reference_id":"CVE-2017-3167","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-3167.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2478","reference_id":"RHSA-2017:2478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2479","reference_id":"RHSA-2017:2479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2483","reference_id":"RHSA-2017:2483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3193","reference_id":"RHSA-2017:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3194","reference_id":"RHSA-2017:3194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3194"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3195","reference_id":"RHSA-2017:3195","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3195"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3475","reference_id":"RHSA-2017:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3476","reference_id":"RHSA-2017:3476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3477","reference_id":"RHSA-2017:3477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3477"},{"reference_url":"https://usn.ubuntu.com/3340-1/","reference_id":"USN-3340-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3340-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/544?format=json","purl":"pkg:apache/httpd@2.2.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5bej-9h7w-33c8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.34"},{"url":"http://public2.vulnerablecode.io/api/packages/545?format=json","purl":"pkg:apache/httpd@2.4.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-6vxq-uxxw-ybeh"},{"vulnerability":"VCID-7u2r-egf2-vfhx"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-9vzm-qtye-ufh2"},{"vulnerability":"VCID-a9rw-3s1y-hqd7"},{"vulnerability":"VCID-apfh-r85v-dbhz"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-e3jc-83a7-8uhh"},{"vulnerability":"VCID-eesz-v6ae-gya3"},{"vulnerability":"VCID-ehv1-yvpu-ubcg"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-khfr-kgtb-rfam"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-v41h-pbbe-zfas"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-y3k1-c4rn-xbc2"},{"vulnerability":"VCID-yz3c-arnr-y3cs"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26"}],"aliases":["CVE-2017-3167"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3758?format=json","vulnerability_id":"VCID-k4kb-21tp-4kc8","summary":"An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3183","reference_id":"","reference_type":"","scores":[{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96477","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96485","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96494","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96505","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96511","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28343","scoring_system":"epss","scoring_elements":"0.96517","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3183"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243887","reference_id":"1243887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243887"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2015-3183.json","reference_id":"CVE-2015-3183","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2015-3183.json"},{"reference_url":"https://security.gentoo.org/glsa/201610-02","reference_id":"GLSA-201610-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1666","reference_id":"RHSA-2015:1666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1667","reference_id":"RHSA-2015:1667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1668","reference_id":"RHSA-2015:1668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2661","reference_id":"RHSA-2015:2661","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2661"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0061","reference_id":"RHSA-2016:0061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0062","reference_id":"RHSA-2016:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2054","reference_id":"RHSA-2016:2054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2055","reference_id":"RHSA-2016:2055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2056","reference_id":"RHSA-2016:2056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2056"},{"reference_url":"https://usn.ubuntu.com/2686-1/","reference_id":"USN-2686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2686-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/535?format=json","purl":"pkg:apache/httpd@2.2.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-2xc4-7zg9-y7fw"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-8gcm-7q3n-q7bm"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-pc2n-ga7g-byga"},{"vulnerability":"VCID-qayj-kts9-3fde"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.31"},{"url":"http://public2.vulnerablecode.io/api/packages/534?format=json","purl":"pkg:apache/httpd@2.4.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1189-ej89-hybs"},{"vulnerability":"VCID-17hy-4ppt-xyhw"},{"vulnerability":"VCID-2nmh-7tfa-zyb2"},{"vulnerability":"VCID-2xc4-7zg9-y7fw"},{"vulnerability":"VCID-3djp-gq4c-1fa9"},{"vulnerability":"VCID-5bej-9h7w-33c8"},{"vulnerability":"VCID-5xrt-1n1q-4bey"},{"vulnerability":"VCID-66k7-maf9-dfcd"},{"vulnerability":"VCID-8gcm-7q3n-q7bm"},{"vulnerability":"VCID-91u7-vh6n-v7fm"},{"vulnerability":"VCID-9qdr-1v39-d7b7"},{"vulnerability":"VCID-auhk-ppv5-buaa"},{"vulnerability":"VCID-bvkg-nrwd-e7g8"},{"vulnerability":"VCID-ct26-19cq-8kd7"},{"vulnerability":"VCID-f2y3-s6j8-7ygr"},{"vulnerability":"VCID-fqem-96w3-rucb"},{"vulnerability":"VCID-fyrq-yg2u-jkc7"},{"vulnerability":"VCID-h6kk-81jx-h7b8"},{"vulnerability":"VCID-jt89-ruvk-1kbj"},{"vulnerability":"VCID-jzuw-73df-mfff"},{"vulnerability":"VCID-pc2n-ga7g-byga"},{"vulnerability":"VCID-q5wm-suxb-jfeb"},{"vulnerability":"VCID-qayj-kts9-3fde"},{"vulnerability":"VCID-rfqy-e7pv-dyfy"},{"vulnerability":"VCID-scf1-zmu7-e3b2"},{"vulnerability":"VCID-uwqg-yytc-vfae"},{"vulnerability":"VCID-w6p6-u8ku-k3f6"},{"vulnerability":"VCID-wgte-97r1-j7a9"},{"vulnerability":"VCID-zc2p-sfu7-jkhc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.16"}],"aliases":["CVE-2015-3183"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4kb-21tp-4kc8"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.31"}