Package Instance

reference_id

AVG-316

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-3169.json

reference_url

reference_id

CVE-2017-3169

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-3169.json

reference_url	https://security.gentoo.org/glsa/201710-32
reference_id	GLSA-201710-32
reference_type
scores
url	https://security.gentoo.org/glsa/201710-32

reference_url	https://access.redhat.com/errata/RHSA-2017:2478
reference_id	RHSA-2017:2478
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2478

reference_url	https://access.redhat.com/errata/RHSA-2017:2479
reference_id	RHSA-2017:2479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2479

reference_url	https://access.redhat.com/errata/RHSA-2017:2483
reference_id	RHSA-2017:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2483

reference_url	https://access.redhat.com/errata/RHSA-2017:3193
reference_id	RHSA-2017:3193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3193

reference_url	https://access.redhat.com/errata/RHSA-2017:3194
reference_id	RHSA-2017:3194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3194

reference_url	https://access.redhat.com/errata/RHSA-2017:3195
reference_id	RHSA-2017:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3195

reference_url	https://access.redhat.com/errata/RHSA-2017:3475
reference_id	RHSA-2017:3475
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3475

reference_url	https://access.redhat.com/errata/RHSA-2017:3476
reference_id	RHSA-2017:3476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3476

reference_url	https://access.redhat.com/errata/RHSA-2017:3477
reference_id	RHSA-2017:3477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3477

reference_url	https://usn.ubuntu.com/3340-1/
reference_id	USN-3340-1
reference_type
scores
url	https://usn.ubuntu.com/3340-1/

reference_url	https://usn.ubuntu.com/3373-1/
reference_id	USN-3373-1
reference_type
scores
url	https://usn.ubuntu.com/3373-1/

fixed_packages

url pkg:apache/httpd@2.4.26

purl pkg:apache/httpd@2.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-khfr-kgtb-rfam

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26

aliases CVE-2017-3169

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs

url VCID-17hy-4ppt-xyhw

vulnerability_id VCID-17hy-4ppt-xyhw

summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26691

reference_id

reference_type

scores

value	0.40357
scoring_system	epss
scoring_elements	0.97325
published_at	2026-04-01T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97348
published_at	2026-04-13T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97344
published_at	2026-04-09T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97346
published_at	2026-04-11T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97347
published_at	2026-04-12T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97332
published_at	2026-04-02T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97336
published_at	2026-04-07T12:55:00Z

value	0.40357
scoring_system	epss
scoring_elements	0.97343
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966732
reference_id	1966732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966732

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26691.json

reference_url

reference_id

CVE-2021-26691

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26691.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:3816
reference_id	RHSA-2021:3816
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3816

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:0143
reference_id	RHSA-2022:0143
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0143

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2021-26691

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw

url VCID-2nmh-7tfa-zyb2

vulnerability_id VCID-2nmh-7tfa-zyb2

summary Prior to Apache HTTP release 2.4.25, mod_sessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. An authentication tag (SipHash MAC) is now added to prevent such attacks.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0736.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0736.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0736

reference_id

reference_type

scores

value	0.4168
scoring_system	epss
scoring_elements	0.97392
published_at	2026-04-01T12:55:00Z

value	0.4168
scoring_system	epss
scoring_elements	0.97418
published_at	2026-04-13T12:55:00Z

value	0.4168
scoring_system	epss
scoring_elements	0.97416
published_at	2026-04-11T12:55:00Z

value	0.4168
scoring_system	epss
scoring_elements	0.97417
published_at	2026-04-12T12:55:00Z

value	0.4168
scoring_system	epss
scoring_elements	0.97399
published_at	2026-04-02T12:55:00Z

value	0.4168
scoring_system	epss
scoring_elements	0.97403
published_at	2026-04-04T12:55:00Z

value	0.4168
scoring_system	epss
scoring_elements	0.97406
published_at	2026-04-07T12:55:00Z

value	0.4168
scoring_system	epss
scoring_elements	0.97413
published_at	2026-04-08T12:55:00Z

value	0.4168
scoring_system	epss
scoring_elements	0.97414
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0736

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1406744
reference_id	1406744
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1406744

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/40961.py
reference_id	CVE-2016-0736
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/40961.py

reference_url

https://httpd.apache.org/security/json/CVE-2016-0736.json

reference_id

CVE-2016-0736

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2016-0736.json

reference_url	https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt
reference_id	CVE-2016-0736
reference_type	exploit
scores
url	https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt

reference_url	https://security.gentoo.org/glsa/201701-36
reference_id	GLSA-201701-36
reference_type
scores
url	https://security.gentoo.org/glsa/201701-36

reference_url	https://access.redhat.com/errata/RHSA-2017:0906
reference_id	RHSA-2017:0906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0906

reference_url	https://access.redhat.com/errata/RHSA-2017:1161
reference_id	RHSA-2017:1161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1161

reference_url	https://access.redhat.com/errata/RHSA-2017:1413
reference_id	RHSA-2017:1413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1413

reference_url	https://access.redhat.com/errata/RHSA-2017:1414
reference_id	RHSA-2017:1414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1414

reference_url	https://access.redhat.com/errata/RHSA-2017:1415
reference_id	RHSA-2017:1415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1415

reference_url	https://usn.ubuntu.com/3279-1/
reference_id	USN-3279-1
reference_type
scores
url	https://usn.ubuntu.com/3279-1/

fixed_packages

url pkg:apache/httpd@2.4.25

purl pkg:apache/httpd@2.4.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25

aliases CVE-2016-0736

risk_score 9.8

exploitability 2.0

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nmh-7tfa-zyb2

url VCID-2xc4-7zg9-y7fw

vulnerability_id VCID-2xc4-7zg9-y7fw

summary HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software.

references

reference_url	http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1624.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1624.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1625.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1625.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1648.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1648.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1649.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1649.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1650.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1650.html

reference_url	https://access.redhat.com/errata/RHSA-2016:1635
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1635

reference_url	https://access.redhat.com/errata/RHSA-2016:1636
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1636

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5387

reference_id

reference_type

scores

value	0.41959
scoring_system	epss
scoring_elements	0.9741
published_at	2026-04-02T12:55:00Z

value	0.41959
scoring_system	epss
scoring_elements	0.97403
published_at	2026-04-01T12:55:00Z

value	0.60283
scoring_system	epss
scoring_elements	0.98278
published_at	2026-04-13T12:55:00Z

value	0.60283
scoring_system	epss
scoring_elements	0.98268
published_at	2026-04-04T12:55:00Z

value	0.60283
scoring_system	epss
scoring_elements	0.98269
published_at	2026-04-07T12:55:00Z

value	0.60283
scoring_system	epss
scoring_elements	0.98274
published_at	2026-04-09T12:55:00Z

value	0.60283
scoring_system	epss
scoring_elements	0.98277
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

reference_url	https://httpoxy.org/
reference_id
reference_type
scores
url	https://httpoxy.org/

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/

reference_url	https://support.apple.com/HT208221
reference_id
reference_type
scores
url	https://support.apple.com/HT208221

reference_url	https://www.apache.org/security/asf-httpoxy-response.txt
reference_id
reference_type
scores
url	https://www.apache.org/security/asf-httpoxy-response.txt

reference_url	https://www.tenable.com/security/tns-2017-04
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2017-04

reference_url	http://www.debian.org/security/2016/dsa-3623
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3623

reference_url	http://www.kb.cert.org/vuls/id/797896
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/797896

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.securityfocus.com/bid/91816
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91816

reference_url	http://www.securitytracker.com/id/1036330
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036330

reference_url	http://www.ubuntu.com/usn/USN-3038-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3038-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1353755
reference_id	1353755
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1353755

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage::::::::
reference_id	cpe:2.3:a:hp:system_management_homepage::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository::::::::
reference_id	cpe:2.3:a:oracle:communications_user_data_repository::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_web_server:2.1.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_web_server:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_web_server:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5:-::::::
reference_id	cpe:2.3:o:oracle:linux:5:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-::::::
reference_id	cpe:2.3:o:oracle:linux:6:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-::::::
reference_id	cpe:2.3:o:oracle:linux:7:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:::::::*
reference_id	cpe:2.3:o:oracle:solaris:11.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://httpd.apache.org/security/json/CVE-2016-5387.json

reference_id

CVE-2016-5387

reference_type

scores

value	n/a
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2016-5387.json

100

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5387

reference_id

CVE-2016-5387

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5387

101

reference_url	https://security.gentoo.org/glsa/201701-36
reference_id	GLSA-201701-36
reference_type
scores
url	https://security.gentoo.org/glsa/201701-36

102

reference_url	https://access.redhat.com/errata/RHSA-2016:1420
reference_id	RHSA-2016:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1420

103

reference_url	https://access.redhat.com/errata/RHSA-2016:1421
reference_id	RHSA-2016:1421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1421

104

reference_url	https://access.redhat.com/errata/RHSA-2016:1422
reference_id	RHSA-2016:1422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1422

105

reference_url	https://access.redhat.com/errata/RHSA-2016:1625
reference_id	RHSA-2016:1625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1625

106

reference_url	https://access.redhat.com/errata/RHSA-2016:1648
reference_id	RHSA-2016:1648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1648

107

reference_url	https://access.redhat.com/errata/RHSA-2016:1649
reference_id	RHSA-2016:1649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1649

108

reference_url	https://access.redhat.com/errata/RHSA-2016:1650
reference_id	RHSA-2016:1650
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1650

109

reference_url	https://access.redhat.com/errata/RHSA-2016:1851
reference_id	RHSA-2016:1851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1851

110

reference_url	https://usn.ubuntu.com/3038-1/
reference_id	USN-3038-1
reference_type
scores
url	https://usn.ubuntu.com/3038-1/

fixed_packages

url pkg:apache/httpd@2.4.25

purl pkg:apache/httpd@2.4.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25

aliases CVE-2016-5387

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xc4-7zg9-y7fw

url VCID-3djp-gq4c-1fa9

vulnerability_id VCID-3djp-gq4c-1fa9

summary A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. We have taken this opportunity to also remove request data from many other in-built error messages. Note however this issue did not affect them directly and their output was already escaped to prevent cross-site scripting attacks.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10092

reference_id

reference_type

scores

value	0.82379
scoring_system	epss
scoring_elements	0.99216
published_at	2026-04-01T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99221
published_at	2026-04-04T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99225
published_at	2026-04-13T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99224
published_at	2026-04-07T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99218
published_at	2026-04-02T12:55:00Z

value	0.82379
scoring_system	epss
scoring_elements	0.99226
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
reference_id
reference_type
scores
url	https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/

reference_url	https://seclists.org/bugtraq/2019/Aug/47
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Aug/47

reference_url	https://seclists.org/bugtraq/2019/Oct/24
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Oct/24

reference_url	https://security.netapp.com/advisory/ntap-20190905-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190905-0003/

reference_url	https://support.f5.com/csp/article/K30442259
reference_id
reference_type
scores
url	https://support.f5.com/csp/article/K30442259

reference_url	https://www.debian.org/security/2019/dsa-4509
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4509

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	http://www.openwall.com/lists/oss-security/2019/08/15/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/08/15/4

reference_url	http://www.openwall.com/lists/oss-security/2020/08/08/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/08/08/1

reference_url	http://www.openwall.com/lists/oss-security/2020/08/08/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/08/08/9

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743956
reference_id	1743956
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743956

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
reference_id	cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
reference_id	cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:secure_global_desktop:5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:::::::*
reference_id	cpe:2.3:a:redhat:software_collection:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collection:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap::::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8::::::
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:9.6:p8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url	https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/
reference_id	CVE-2019-10092
reference_type	exploit
scores
url	https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md
reference_id	CVE-2019-10092
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md

reference_url

https://httpd.apache.org/security/json/CVE-2019-10092.json

reference_id

CVE-2019-10092

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10092.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10092

reference_id

CVE-2019-10092

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10092

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2019:4126
reference_id	RHSA-2019:4126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4126

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:apache/httpd@2.4.41

purl pkg:apache/httpd@2.4.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.41

aliases CVE-2019-10092

risk_score 10.0

exploitability 2.0

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3djp-gq4c-1fa9

url VCID-5bej-9h7w-33c8

vulnerability_id VCID-5bej-9h7w-33c8

summary When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.

references

reference_url	http://openwall.com/lists/oss-security/2017/09/18/2
reference_id
reference_type
scores
url	http://openwall.com/lists/oss-security/2017/09/18/2

reference_url	https://access.redhat.com/errata/RHSA-2017:3113
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3113

reference_url	https://access.redhat.com/errata/RHSA-2017:3114
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3114

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9798

reference_id

reference_type

scores

value	0.9384
scoring_system	epss
scoring_elements	0.99862
published_at	2026-04-01T12:55:00Z

value	0.9384
scoring_system	epss
scoring_elements	0.99865
published_at	2026-04-13T12:55:00Z

value	0.9384
scoring_system	epss
scoring_elements	0.99864
published_at	2026-04-12T12:55:00Z

value	0.9384
scoring_system	epss
scoring_elements	0.99863
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9798

reference_url	https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
reference_id
reference_type
scores
url	https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html

reference_url	https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
reference_id
reference_type
scores
url	https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798

reference_url	http://seclists.org/fulldisclosure/2024/Sep/22
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2024/Sep/22

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a
reference_id
reference_type
scores
url	https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a

reference_url	https://github.com/hannob/optionsbleed
reference_id
reference_type
scores
url	https://github.com/hannob/optionsbleed

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E

reference_url	https://security.netapp.com/advisory/ntap-20180601-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180601-0003/

reference_url	https://security-tracker.debian.org/tracker/CVE-2017-9798
reference_id
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2017-9798

reference_url	https://support.apple.com/HT208331
reference_id
reference_type
scores
url	https://support.apple.com/HT208331

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us

reference_url	https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
reference_id
reference_type
scores
url	https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch

reference_url	https://www.exploit-db.com/exploits/42745/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/42745/

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url	https://www.tenable.com/security/tns-2019-09
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2019-09

reference_url	http://www.debian.org/security/2017/dsa-3980
reference_id
reference_type
scores
url	http://www.debian.org/security/2017/dsa-3980

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url	http://www.securityfocus.com/bid/100872
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100872

reference_url	http://www.securityfocus.com/bid/105598
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105598

reference_url	http://www.securitytracker.com/id/1039387
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039387

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1490344
reference_id	1490344
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1490344

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109
reference_id	876109
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109

reference_url	https://security.archlinux.org/ASA-201709-15
reference_id	ASA-201709-15
reference_type
scores
url	https://security.archlinux.org/ASA-201709-15

reference_url

https://security.archlinux.org/AVG-404

reference_id

AVG-404

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-404

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://httpd.apache.org/security/json/CVE-2017-9798.json

reference_id

CVE-2017-9798

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-9798.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9798

reference_id

CVE-2017-9798

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9798

reference_url	https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed
reference_id	CVE-2017-9798;OPTIONSBLEED
reference_type	exploit
scores
url	https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py
reference_id	CVE-2017-9798;OPTIONSBLEED
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py

reference_url	https://security.gentoo.org/glsa/201710-32
reference_id	GLSA-201710-32
reference_type
scores
url	https://security.gentoo.org/glsa/201710-32

reference_url	https://access.redhat.com/errata/RHSA-2017:2882
reference_id	RHSA-2017:2882
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2882

reference_url	https://access.redhat.com/errata/RHSA-2017:2972
reference_id	RHSA-2017:2972
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2972

reference_url	https://access.redhat.com/errata/RHSA-2017:3018
reference_id	RHSA-2017:3018
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3018

reference_url	https://access.redhat.com/errata/RHSA-2017:3193
reference_id	RHSA-2017:3193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3193

reference_url	https://access.redhat.com/errata/RHSA-2017:3194
reference_id	RHSA-2017:3194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3194

reference_url	https://access.redhat.com/errata/RHSA-2017:3195
reference_id	RHSA-2017:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3195

reference_url	https://access.redhat.com/errata/RHSA-2017:3239
reference_id	RHSA-2017:3239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3239

reference_url	https://access.redhat.com/errata/RHSA-2017:3240
reference_id	RHSA-2017:3240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3240

reference_url	https://access.redhat.com/errata/RHSA-2017:3475
reference_id	RHSA-2017:3475
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3475

reference_url	https://access.redhat.com/errata/RHSA-2017:3476
reference_id	RHSA-2017:3476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3476

reference_url	https://access.redhat.com/errata/RHSA-2017:3477
reference_id	RHSA-2017:3477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3477

reference_url	https://usn.ubuntu.com/3425-1/
reference_id	USN-3425-1
reference_type
scores
url	https://usn.ubuntu.com/3425-1/

reference_url	https://usn.ubuntu.com/3425-2/
reference_id	USN-3425-2
reference_type
scores
url	https://usn.ubuntu.com/3425-2/

fixed_packages

url pkg:apache/httpd@2.4.28

purl pkg:apache/httpd@2.4.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.28

aliases CVE-2017-9798

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8

url VCID-5xrt-1n1q-4bey

vulnerability_id VCID-5xrt-1n1q-4bey

summary In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1927

reference_id

reference_type

scores

value	0.11302
scoring_system	epss
scoring_elements	0.93495
published_at	2026-04-01T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93527
published_at	2026-04-12T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93511
published_at	2026-04-07T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93519
published_at	2026-04-08T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93522
published_at	2026-04-09T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93528
published_at	2026-04-13T12:55:00Z

value	0.11302
scoring_system	epss
scoring_elements	0.93504
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/

reference_url	https://security.netapp.com/advisory/ntap-20200413-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200413-0002/

reference_url	https://www.debian.org/security/2020/dsa-4757
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4757

reference_url	https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	http://www.openwall.com/lists/oss-security/2020/04/03/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/04/03/1

reference_url	http://www.openwall.com/lists/oss-security/2020/04/04/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/04/04/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1820761
reference_id	1820761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1820761

reference_url	https://security.archlinux.org/ASA-202004-14
reference_id	ASA-202004-14
reference_type
scores
url	https://security.archlinux.org/ASA-202004-14

reference_url

reference_id

AVG-1126

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-1927.json

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*
reference_id	cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:::::::*
reference_id	cpe:2.3:a:oracle:sd-wan_aware:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
reference_id	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:::::::*
reference_id	cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url

reference_id

CVE-2020-1927

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-1927.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1927

reference_id

CVE-2020-1927

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1927

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:2263
reference_id	RHSA-2020:2263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2263

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4458-1/
reference_id	USN-4458-1
reference_type
scores
url	https://usn.ubuntu.com/4458-1/

fixed_packages

url	pkg:apache/httpd@2.4.42
purl	pkg:apache/httpd@2.4.42
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.42

aliases CVE-2020-1927

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey

url VCID-66k7-maf9-dfcd

vulnerability_id VCID-66k7-maf9-dfcd

summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35452

reference_id

reference_type

scores

value	0.10695
scoring_system	epss
scoring_elements	0.93289
published_at	2026-04-01T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93319
published_at	2026-04-13T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93315
published_at	2026-04-09T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.9332
published_at	2026-04-11T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93318
published_at	2026-04-12T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93297
published_at	2026-04-02T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93303
published_at	2026-04-04T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93302
published_at	2026-04-07T12:55:00Z

value	0.10695
scoring_system	epss
scoring_elements	0.93311
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966724
reference_id	1966724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966724

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-35452.json

reference_url

reference_id

CVE-2020-35452

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-35452.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://access.redhat.com/errata/RHSA-2022:1915
reference_id	RHSA-2022:1915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1915

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2020-35452

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd

url VCID-6vxq-uxxw-ybeh

vulnerability_id VCID-6vxq-uxxw-ybeh

summary Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0196

reference_id

reference_type

scores

value	0.09496
scoring_system	epss
scoring_elements	0.92804
published_at	2026-04-01T12:55:00Z

value	0.09496
scoring_system	epss
scoring_elements	0.9283
published_at	2026-04-12T12:55:00Z

value	0.09496
scoring_system	epss
scoring_elements	0.92823
published_at	2026-04-08T12:55:00Z

value	0.09496
scoring_system	epss
scoring_elements	0.92827
published_at	2026-04-09T12:55:00Z

value	0.09496
scoring_system	epss
scoring_elements	0.92831
published_at	2026-04-13T12:55:00Z

value	0.09496
scoring_system	epss
scoring_elements	0.92811
published_at	2026-04-02T12:55:00Z

value	0.09496
scoring_system	epss
scoring_elements	0.92816
published_at	2026-04-04T12:55:00Z

value	0.09496
scoring_system	epss
scoring_elements	0.92814
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1695030
reference_id	1695030
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1695030

reference_url	https://security.archlinux.org/ASA-201904-3
reference_id	ASA-201904-3
reference_type
scores
url	https://security.archlinux.org/ASA-201904-3

reference_url

reference_id

AVG-946

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-0196.json

reference_url

reference_id

CVE-2019-0196

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-0196.json

reference_url	https://access.redhat.com/errata/RHSA-2019:3932
reference_id	RHSA-2019:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3932

reference_url	https://access.redhat.com/errata/RHSA-2019:3933
reference_id	RHSA-2019:3933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3933

reference_url	https://access.redhat.com/errata/RHSA-2019:3935
reference_id	RHSA-2019:3935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3935

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/3937-1/
reference_id	USN-3937-1
reference_type
scores
url	https://usn.ubuntu.com/3937-1/

fixed_packages

url pkg:apache/httpd@2.4.39

purl pkg:apache/httpd@2.4.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.39

aliases CVE-2019-0196

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh

url VCID-7u2r-egf2-vfhx

vulnerability_id VCID-7u2r-egf2-vfhx

summary By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17189

reference_id

reference_type

scores

value	0.05616
scoring_system	epss
scoring_elements	0.90289
published_at	2026-04-01T12:55:00Z

value	0.05616
scoring_system	epss
scoring_elements	0.90332
published_at	2026-04-13T12:55:00Z

value	0.05616
scoring_system	epss
scoring_elements	0.9031
published_at	2026-04-07T12:55:00Z

value	0.05616
scoring_system	epss
scoring_elements	0.90324
published_at	2026-04-08T12:55:00Z

value	0.05616
scoring_system	epss
scoring_elements	0.90331
published_at	2026-04-09T12:55:00Z

value	0.05616
scoring_system	epss
scoring_elements	0.90339
published_at	2026-04-11T12:55:00Z

value	0.05616
scoring_system	epss
scoring_elements	0.90338
published_at	2026-04-12T12:55:00Z

value	0.05616
scoring_system	epss
scoring_elements	0.90292
published_at	2026-04-02T12:55:00Z

value	0.05616
scoring_system	epss
scoring_elements	0.90305
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/

reference_url	https://seclists.org/bugtraq/2019/Apr/5
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Apr/5

reference_url	https://security.gentoo.org/glsa/201903-21
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201903-21

reference_url	https://security.netapp.com/advisory/ntap-20190125-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190125-0001/

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

reference_url	https://www.debian.org/security/2019/dsa-4422
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4422

reference_url	https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2020.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://www.tenable.com/security/tns-2019-09
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2019-09

reference_url	http://www.securityfocus.com/bid/106685
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106685

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1668497
reference_id	1668497
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1668497

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302
reference_id	920302
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302

reference_url	https://security.archlinux.org/ASA-201901-14
reference_id	ASA-201901-14
reference_type
scores
url	https://security.archlinux.org/ASA-201901-14

reference_url

reference_id

AVG-857

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-17189.json

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.34:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.35:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.37:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*
reference_id	cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_id	cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
reference_id	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
reference_id	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:::::::*
reference_id	cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url

reference_id

CVE-2018-17189

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-17189.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17189

reference_id

CVE-2018-17189

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17189

reference_url	https://access.redhat.com/errata/RHSA-2019:3932
reference_id	RHSA-2019:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3932

reference_url	https://access.redhat.com/errata/RHSA-2019:3933
reference_id	RHSA-2019:3933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3933

reference_url	https://access.redhat.com/errata/RHSA-2019:3935
reference_id	RHSA-2019:3935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3935

reference_url	https://access.redhat.com/errata/RHSA-2019:4126
reference_id	RHSA-2019:4126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4126

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/3937-1/
reference_id	USN-3937-1
reference_type
scores
url	https://usn.ubuntu.com/3937-1/

fixed_packages

url pkg:apache/httpd@2.4.38

purl pkg:apache/httpd@2.4.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4sss-a8ne-kqbc

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-ugdv-apr8-g3bz

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.38

aliases CVE-2018-17189

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx

url VCID-7zer-dq7c-8ffq

vulnerability_id VCID-7zer-dq7c-8ffq

summary For configurations enabling support for HTTP/2, SSL client certificate validation was not enforced if configured, allowing clients unauthorized access to protected resources over HTTP/2. This issue affected releases 2.4.18 and 2.4.20 only.

references

reference_url	http://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	http://httpd.apache.org/security/vulnerabilities_24.html

reference_url	http://packetstormsecurity.com/files/137771/Apache-2.4.20-X509-Authentication-Bypass.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/137771/Apache-2.4.20-X509-Authentication-Bypass.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4979.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4979.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4979

reference_id

reference_type

scores

value	0.1736
scoring_system	epss
scoring_elements	0.95022
published_at	2026-04-01T12:55:00Z

value	0.1736
scoring_system	epss
scoring_elements	0.95057
published_at	2026-04-13T12:55:00Z

value	0.1736
scoring_system	epss
scoring_elements	0.95044
published_at	2026-04-08T12:55:00Z

value	0.1736
scoring_system	epss
scoring_elements	0.95048
published_at	2026-04-09T12:55:00Z

value	0.1736
scoring_system	epss
scoring_elements	0.95053
published_at	2026-04-11T12:55:00Z

value	0.1736
scoring_system	epss
scoring_elements	0.95055
published_at	2026-04-12T12:55:00Z

value	0.1736
scoring_system	epss
scoring_elements	0.95033
published_at	2026-04-02T12:55:00Z

value	0.1736
scoring_system	epss
scoring_elements	0.95034
published_at	2026-04-04T12:55:00Z

value	0.1736
scoring_system	epss
scoring_elements	0.95036
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4979

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4979

reference_url	http://seclists.org/fulldisclosure/2016/Jul/11
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2016/Jul/11

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/apache/httpd/commit/2d0e4eff04ea963128a41faaef21f987272e05a2
reference_id
reference_type
scores
url	https://github.com/apache/httpd/commit/2d0e4eff04ea963128a41faaef21f987272e05a2

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://security.netapp.com/advisory/ntap-20180601-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180601-0001/

reference_url	http://www.apache.org/dist/httpd/CHANGES_2.4
reference_id
reference_type
scores
url	http://www.apache.org/dist/httpd/CHANGES_2.4

reference_url	http://www.openwall.com/lists/oss-security/2016/07/05/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/07/05/5

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

reference_url	http://www.securityfocus.com/bid/91566
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91566

reference_url	http://www.securitytracker.com/id/1036225
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036225

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1352476
reference_id	1352476
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1352476

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.19:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:::::::*

reference_url

https://httpd.apache.org/security/json/CVE-2016-4979.json

reference_id

CVE-2016-4979

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2016-4979.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4979

reference_id

CVE-2016-4979

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4979

reference_url	https://security.gentoo.org/glsa/201610-02
reference_id	GLSA-201610-02
reference_type
scores
url	https://security.gentoo.org/glsa/201610-02

reference_url	https://access.redhat.com/errata/RHSA-2016:1420
reference_id	RHSA-2016:1420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1420

fixed_packages

url pkg:apache/httpd@2.4.23

purl pkg:apache/httpd@2.4.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-2nmh-7tfa-zyb2

vulnerability	VCID-2xc4-7zg9-y7fw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-8gcm-7q3n-q7bm

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-pc2n-ga7g-byga

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-rfqy-e7pv-dyfy

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-tkm7-pyue-7ffj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wgte-97r1-j7a9

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.23

aliases CVE-2016-4979

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7zer-dq7c-8ffq

url VCID-8gcm-7q3n-q7bm

vulnerability_id VCID-8gcm-7q3n-q7bm

summary Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4975.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4975.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4975

reference_id

reference_type

scores

value	0.73272
scoring_system	epss
scoring_elements	0.98788
published_at	2026-04-09T12:55:00Z

value	0.73272
scoring_system	epss
scoring_elements	0.98789
published_at	2026-04-08T12:55:00Z

value	0.73272
scoring_system	epss
scoring_elements	0.98791
published_at	2026-04-11T12:55:00Z

value	0.73272
scoring_system	epss
scoring_elements	0.98793
published_at	2026-04-13T12:55:00Z

value	0.73272
scoring_system	epss
scoring_elements	0.98792
published_at	2026-04-12T12:55:00Z

value	0.75341
scoring_system	epss
scoring_elements	0.9888
published_at	2026-04-04T12:55:00Z

value	0.75341
scoring_system	epss
scoring_elements	0.98876
published_at	2026-04-01T12:55:00Z

value	0.75341
scoring_system	epss
scoring_elements	0.98878
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4975

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1375968
reference_id	1375968
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1375968

reference_url

https://httpd.apache.org/security/json/CVE-2016-4975.json

reference_id

CVE-2016-4975

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2016-4975.json

reference_url	https://access.redhat.com/errata/RHSA-2017:0906
reference_id	RHSA-2017:0906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0906

reference_url	https://access.redhat.com/errata/RHSA-2018:2185
reference_id	RHSA-2018:2185
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2185

reference_url	https://access.redhat.com/errata/RHSA-2018:2186
reference_id	RHSA-2018:2186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2186

fixed_packages

url pkg:apache/httpd@2.4.25

purl pkg:apache/httpd@2.4.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25

aliases CVE-2016-4975

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gcm-7q3n-q7bm

url VCID-91u7-vh6n-v7fm

vulnerability_id VCID-91u7-vh6n-v7fm

summary Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13938

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21778
published_at	2026-04-01T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21808
published_at	2026-04-13T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21906
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21866
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21943
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21997
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21761
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21839
published_at	2026-04-08T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21894
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13938

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1970006
reference_id	1970006
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1970006

reference_url

https://security.archlinux.org/AVG-2054

reference_id

AVG-2054

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2054

reference_url

https://httpd.apache.org/security/json/CVE-2020-13938.json

reference_id

CVE-2020-13938

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-13938.json

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2020-13938

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm

url VCID-9qdr-1v39-d7b7

vulnerability_id VCID-9qdr-1v39-d7b7

summary When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because "SessionEnv on" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1283

reference_id

reference_type

scores

value	0.03348
scoring_system	epss
scoring_elements	0.87263
published_at	2026-04-01T12:55:00Z

value	0.03348
scoring_system	epss
scoring_elements	0.87316
published_at	2026-04-13T12:55:00Z

value	0.03348
scoring_system	epss
scoring_elements	0.87313
published_at	2026-04-09T12:55:00Z

value	0.03348
scoring_system	epss
scoring_elements	0.87326
published_at	2026-04-11T12:55:00Z

value	0.03348
scoring_system	epss
scoring_elements	0.8732
published_at	2026-04-12T12:55:00Z

value	0.03348
scoring_system	epss
scoring_elements	0.87273
published_at	2026-04-02T12:55:00Z

value	0.03348
scoring_system	epss
scoring_elements	0.87289
published_at	2026-04-04T12:55:00Z

value	0.03348
scoring_system	epss
scoring_elements	0.87287
published_at	2026-04-07T12:55:00Z

value	0.03348
scoring_system	epss
scoring_elements	0.87306
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560395
reference_id	1560395
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560395

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1283.json

reference_url

reference_id

CVE-2018-1283

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1283.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://usn.ubuntu.com/3627-1/
reference_id	USN-3627-1
reference_type
scores
url	https://usn.ubuntu.com/3627-1/

reference_url	https://usn.ubuntu.com/3627-2/
reference_id	USN-3627-2
reference_type
scores
url	https://usn.ubuntu.com/3627-2/

fixed_packages

url pkg:apache/httpd@2.4.33

purl pkg:apache/httpd@2.4.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33

aliases CVE-2018-1283

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7

url VCID-9vzm-qtye-ufh2

vulnerability_id VCID-9vzm-qtye-ufh2

summary By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default

references

reference_url	https://access.redhat.com/errata/RHSA-2018:3558
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3558

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1333

reference_id

reference_type

scores

value	0.09859
scoring_system	epss
scoring_elements	0.92958
published_at	2026-04-01T12:55:00Z

value	0.09859
scoring_system	epss
scoring_elements	0.92987
published_at	2026-04-13T12:55:00Z

value	0.09859
scoring_system	epss
scoring_elements	0.9297
published_at	2026-04-07T12:55:00Z

value	0.09859
scoring_system	epss
scoring_elements	0.92978
published_at	2026-04-08T12:55:00Z

value	0.09859
scoring_system	epss
scoring_elements	0.92983
published_at	2026-04-09T12:55:00Z

value	0.09859
scoring_system	epss
scoring_elements	0.92988
published_at	2026-04-11T12:55:00Z

value	0.09859
scoring_system	epss
scoring_elements	0.92986
published_at	2026-04-12T12:55:00Z

value	0.09859
scoring_system	epss
scoring_elements	0.92967
published_at	2026-04-02T12:55:00Z

value	0.09859
scoring_system	epss
scoring_elements	0.92971
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1333

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://security.netapp.com/advisory/ntap-20180926-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20180926-0007/

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us

reference_url	https://www.tenable.com/security/tns-2019-09
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2019-09

reference_url	http://www.securitytracker.com/id/1041402
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041402

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1605048
reference_id	1605048
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1605048

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106
reference_id	904106
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106

reference_url	https://security.archlinux.org/ASA-201807-12
reference_id	ASA-201807-12
reference_type
scores
url	https://security.archlinux.org/ASA-201807-12

reference_url

https://security.archlinux.org/AVG-736

reference_id

AVG-736

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-736

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:::::::*
reference_id	cpe:2.3:a:apache:http_server:2.4.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:::::::*
reference_id	cpe:2.3:a:netapp:cloud_backup:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_id	cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url

https://httpd.apache.org/security/json/CVE-2018-1333.json

reference_id

CVE-2018-1333

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1333.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1333

reference_id

CVE-2018-1333

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1333

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://usn.ubuntu.com/3783-1/
reference_id	USN-3783-1
reference_type
scores
url	https://usn.ubuntu.com/3783-1/

fixed_packages

url pkg:apache/httpd@2.4.34

purl pkg:apache/httpd@2.4.34

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4sss-a8ne-kqbc

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.34

aliases CVE-2018-1333

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2

url VCID-a9rw-3s1y-hqd7

vulnerability_id VCID-a9rw-3s1y-hqd7

summary Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10082.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10082

reference_id

reference_type

scores

value	0.47892
scoring_system	epss
scoring_elements	0.97695
published_at	2026-04-01T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97717
published_at	2026-04-13T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97707
published_at	2026-04-08T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.9771
published_at	2026-04-09T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97713
published_at	2026-04-11T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97716
published_at	2026-04-12T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97701
published_at	2026-04-02T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97703
published_at	2026-04-04T12:55:00Z

value	0.47892
scoring_system	epss
scoring_elements	0.97702
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743974
reference_id	1743974
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743974

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
reference_id	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
reference_id	cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*

reference_url

https://httpd.apache.org/security/json/CVE-2019-10082.json

reference_id

CVE-2019-10082

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10082.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10082

reference_id

CVE-2019-10082

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10082

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:apache/httpd@2.4.41

purl pkg:apache/httpd@2.4.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.41

aliases CVE-2019-10082

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9rw-3s1y-hqd7

url VCID-apfh-r85v-dbhz

vulnerability_id VCID-apfh-r85v-dbhz

summary When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1302

reference_id

reference_type

scores

value	0.12125
scoring_system	epss
scoring_elements	0.93766
published_at	2026-04-01T12:55:00Z

value	0.12125
scoring_system	epss
scoring_elements	0.93806
published_at	2026-04-13T12:55:00Z

value	0.12125
scoring_system	epss
scoring_elements	0.93798
published_at	2026-04-08T12:55:00Z

value	0.12125
scoring_system	epss
scoring_elements	0.93801
published_at	2026-04-09T12:55:00Z

value	0.12125
scoring_system	epss
scoring_elements	0.93805
published_at	2026-04-11T12:55:00Z

value	0.12125
scoring_system	epss
scoring_elements	0.93776
published_at	2026-04-02T12:55:00Z

value	0.12125
scoring_system	epss
scoring_elements	0.93785
published_at	2026-04-04T12:55:00Z

value	0.12125
scoring_system	epss
scoring_elements	0.93789
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560625
reference_id	1560625
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560625

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1302.json

reference_url

reference_id

CVE-2018-1302

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1302.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://usn.ubuntu.com/3783-1/
reference_id	USN-3783-1
reference_type
scores
url	https://usn.ubuntu.com/3783-1/

fixed_packages

url pkg:apache/httpd@2.4.33

purl pkg:apache/httpd@2.4.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33

aliases CVE-2018-1302

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz

url VCID-auhk-ppv5-buaa

vulnerability_id VCID-auhk-ppv5-buaa

summary in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1934

reference_id

reference_type

scores

value	0.38657
scoring_system	epss
scoring_elements	0.97221
published_at	2026-04-01T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97248
published_at	2026-04-13T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97233
published_at	2026-04-07T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97242
published_at	2026-04-08T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97243
published_at	2026-04-09T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97247
published_at	2026-04-11T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97227
published_at	2026-04-02T12:55:00Z

value	0.38657
scoring_system	epss
scoring_elements	0.97232
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/

reference_url	https://security.netapp.com/advisory/ntap-20200413-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200413-0002/

reference_url	https://www.debian.org/security/2020/dsa-4757
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4757

reference_url	https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujul2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1820772
reference_id	1820772
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1820772

reference_url	https://security.archlinux.org/ASA-202004-14
reference_id	ASA-202004-14
reference_type
scores
url	https://security.archlinux.org/ASA-202004-14

reference_url

reference_id

AVG-1126

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-1934.json

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
reference_id	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url

reference_id

CVE-2020-1934

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-1934.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1934

reference_id

CVE-2020-1934

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1934

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4458-1/
reference_id	USN-4458-1
reference_type
scores
url	https://usn.ubuntu.com/4458-1/

fixed_packages

url	pkg:apache/httpd@2.4.42
purl	pkg:apache/httpd@2.4.42
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.42

aliases CVE-2020-1934

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa

url VCID-bvkg-nrwd-e7g8

vulnerability_id VCID-bvkg-nrwd-e7g8

summary Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26690

reference_id

reference_type

scores

value	0.70379
scoring_system	epss
scoring_elements	0.98675
published_at	2026-04-02T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98687
published_at	2026-04-13T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98682
published_at	2026-04-08T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98683
published_at	2026-04-09T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98685
published_at	2026-04-12T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98678
published_at	2026-04-04T12:55:00Z

value	0.70379
scoring_system	epss
scoring_elements	0.98681
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966729
reference_id	1966729
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966729

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26690.json

reference_url

reference_id

CVE-2021-26690

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2021-26690.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4257
reference_id	RHSA-2021:4257
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4257

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

reference_url	https://usn.ubuntu.com/4994-1/
reference_id	USN-4994-1
reference_type
scores
url	https://usn.ubuntu.com/4994-1/

reference_url	https://usn.ubuntu.com/4994-2/
reference_id	USN-4994-2
reference_type
scores
url	https://usn.ubuntu.com/4994-2/

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2021-26690

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8

url VCID-ct26-19cq-8kd7

vulnerability_id VCID-ct26-19cq-8kd7

summary In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17199

reference_id

reference_type

scores

value	0.10459
scoring_system	epss
scoring_elements	0.93208
published_at	2026-04-01T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93236
published_at	2026-04-13T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.9322
published_at	2026-04-07T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93228
published_at	2026-04-08T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93233
published_at	2026-04-09T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93237
published_at	2026-04-11T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93234
published_at	2026-04-12T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93217
published_at	2026-04-02T12:55:00Z

value	0.10459
scoring_system	epss
scoring_elements	0.93222
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html

reference_url	https://seclists.org/bugtraq/2019/Apr/5
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Apr/5

reference_url	https://security.gentoo.org/glsa/201903-21
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201903-21

reference_url	https://security.netapp.com/advisory/ntap-20190125-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190125-0001/

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

reference_url	https://www.debian.org/security/2019/dsa-4422
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4422

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://www.tenable.com/security/tns-2019-09
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2019-09

reference_url	http://www.securityfocus.com/bid/106742
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106742

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1668493
reference_id	1668493
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1668493

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303
reference_id	920303
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303

reference_url	https://security.archlinux.org/ASA-201901-14
reference_id	ASA-201901-14
reference_type
scores
url	https://security.archlinux.org/ASA-201901-14

reference_url

reference_id

AVG-857

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-17199.json

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*
reference_id	cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_id	cpe:2.3:a:netapp:storage_automation_store:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

reference_id

CVE-2018-17199

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-17199.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17199

reference_id

CVE-2018-17199

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17199

reference_url	https://access.redhat.com/errata/RHSA-2019:3932
reference_id	RHSA-2019:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3932

reference_url	https://access.redhat.com/errata/RHSA-2019:3933
reference_id	RHSA-2019:3933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3933

reference_url	https://access.redhat.com/errata/RHSA-2019:3935
reference_id	RHSA-2019:3935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3935

reference_url	https://access.redhat.com/errata/RHSA-2019:4126
reference_id	RHSA-2019:4126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4126

reference_url	https://access.redhat.com/errata/RHSA-2020:1121
reference_id	RHSA-2020:1121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1121

reference_url	https://access.redhat.com/errata/RHSA-2021:1809
reference_id	RHSA-2021:1809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1809

reference_url	https://usn.ubuntu.com/3937-1/
reference_id	USN-3937-1
reference_type
scores
url	https://usn.ubuntu.com/3937-1/

fixed_packages

url pkg:apache/httpd@2.4.38

purl pkg:apache/httpd@2.4.38

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4sss-a8ne-kqbc

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-ugdv-apr8-g3bz

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.38

aliases CVE-2018-17199

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7

url VCID-e3jc-83a7-8uhh

vulnerability_id VCID-e3jc-83a7-8uhh

summary By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11763.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11763.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11763

reference_id

reference_type

scores

value	0.17401
scoring_system	epss
scoring_elements	0.95033
published_at	2026-04-01T12:55:00Z

value	0.17401
scoring_system	epss
scoring_elements	0.95068
published_at	2026-04-13T12:55:00Z

value	0.17401
scoring_system	epss
scoring_elements	0.95064
published_at	2026-04-11T12:55:00Z

value	0.17401
scoring_system	epss
scoring_elements	0.95065
published_at	2026-04-12T12:55:00Z

value	0.17401
scoring_system	epss
scoring_elements	0.95044
published_at	2026-04-02T12:55:00Z

value	0.17401
scoring_system	epss
scoring_elements	0.95045
published_at	2026-04-04T12:55:00Z

value	0.17401
scoring_system	epss
scoring_elements	0.95047
published_at	2026-04-07T12:55:00Z

value	0.17401
scoring_system	epss
scoring_elements	0.95055
published_at	2026-04-08T12:55:00Z

value	0.17401
scoring_system	epss
scoring_elements	0.95058
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11763

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1633399
reference_id	1633399
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1633399

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909591
reference_id	909591
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909591

reference_url

https://httpd.apache.org/security/json/CVE-2018-11763.json

reference_id

CVE-2018-11763

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-11763.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://usn.ubuntu.com/3783-1/
reference_id	USN-3783-1
reference_type
scores
url	https://usn.ubuntu.com/3783-1/

fixed_packages

url pkg:apache/httpd@2.4.35

purl pkg:apache/httpd@2.4.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-4sss-a8ne-kqbc

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.35

aliases CVE-2018-11763

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3jc-83a7-8uhh

url VCID-eesz-v6ae-gya3

vulnerability_id VCID-eesz-v6ae-gya3

summary In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9490.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9490

reference_id

reference_type

scores

value	0.76276
scoring_system	epss
scoring_elements	0.98919
published_at	2026-04-01T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98929
published_at	2026-04-13T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98926
published_at	2026-04-09T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98928
published_at	2026-04-11T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.9892
published_at	2026-04-02T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98922
published_at	2026-04-04T12:55:00Z

value	0.76276
scoring_system	epss
scoring_elements	0.98925
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9490

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1866560
reference_id	1866560
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1866560

reference_url

https://httpd.apache.org/security/json/CVE-2020-9490.json

reference_id

CVE-2020-9490

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-9490.json

reference_url	https://security.gentoo.org/glsa/202008-04
reference_id	GLSA-202008-04
reference_type
scores
url	https://security.gentoo.org/glsa/202008-04

reference_url	https://access.redhat.com/errata/RHSA-2020:3714
reference_id	RHSA-2020:3714
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3714

reference_url	https://access.redhat.com/errata/RHSA-2020:3726
reference_id	RHSA-2020:3726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3726

reference_url	https://access.redhat.com/errata/RHSA-2020:3733
reference_id	RHSA-2020:3733
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3733

reference_url	https://access.redhat.com/errata/RHSA-2020:3734
reference_id	RHSA-2020:3734
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3734

reference_url	https://usn.ubuntu.com/4458-1/
reference_id	USN-4458-1
reference_type
scores
url	https://usn.ubuntu.com/4458-1/

fixed_packages

url	pkg:apache/httpd@2.4.44
purl	pkg:apache/httpd@2.4.44
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.44

aliases CVE-2020-9490

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eesz-v6ae-gya3

url VCID-ehv1-yvpu-ubcg

vulnerability_id VCID-ehv1-yvpu-ubcg

summary In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html

reference_url

http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html

reference_url

http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html

reference_url

http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html

reference_url

https://access.redhat.com/errata/RHBA-2019:0959

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://access.redhat.com/errata/RHBA-2019:0959

reference_url

https://access.redhat.com/errata/RHSA-2019:1543

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://access.redhat.com/errata/RHSA-2019:1543

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0211

reference_id

reference_type

scores

value	0.90159
scoring_system	epss
scoring_elements	0.99586
published_at	2026-04-01T12:55:00Z

value	0.9026
scoring_system	epss
scoring_elements	0.99594
published_at	2026-04-04T12:55:00Z

value	0.9026
scoring_system	epss
scoring_elements	0.99593
published_at	2026-04-02T12:55:00Z

value	0.90908
scoring_system	epss
scoring_elements	0.99632
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://httpd.apache.org/security/vulnerabilities_24.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://httpd.apache.org/security/vulnerabilities_24.html

reference_url

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E

reference_url

https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E

reference_url

https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/

reference_url

https://seclists.org/bugtraq/2019/Apr/16

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://seclists.org/bugtraq/2019/Apr/16

reference_url

https://seclists.org/bugtraq/2019/Apr/5

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://seclists.org/bugtraq/2019/Apr/5

reference_url

https://security.netapp.com/advisory/ntap-20190423-0001/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://security.netapp.com/advisory/ntap-20190423-0001/

reference_url

https://support.f5.com/csp/article/K32957101

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://support.f5.com/csp/article/K32957101

reference_url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

reference_url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211
reference_id
reference_type
scores
url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211

reference_url

https://www.debian.org/security/2019/dsa-4422

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://www.debian.org/security/2019/dsa-4422

reference_url

https://www.exploit-db.com/exploits/46676/

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://www.exploit-db.com/exploits/46676/

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url

https://www.synology.com/security/advisory/Synology_SA_19_14

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://www.synology.com/security/advisory/Synology_SA_19_14

reference_url

http://www.apache.org/dist/httpd/CHANGES_2.4.39

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://www.apache.org/dist/httpd/CHANGES_2.4.39

reference_url

http://www.openwall.com/lists/oss-security/2019/04/02/3

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://www.openwall.com/lists/oss-security/2019/04/02/3

reference_url

http://www.openwall.com/lists/oss-security/2019/07/26/7

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://www.openwall.com/lists/oss-security/2019/07/26/7

reference_url

http://www.securityfocus.com/bid/107666

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

http://www.securityfocus.com/bid/107666

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1694980
reference_id	1694980
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1694980

reference_url	https://security.archlinux.org/ASA-201904-3
reference_id	ASA-201904-3
reference_type
scores
url	https://security.archlinux.org/ASA-201904-3

reference_url

reference_id

AVG-946

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-0211.json

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::
reference_id	cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
reference_id	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
reference_id	cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
reference_id	cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:::::::*
reference_id	cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*
reference_id	cpe:2.3:a:redhat:software_collections:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::*

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::*

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::*

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::*

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::*

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::*

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*

118

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*

119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

120

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*

121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:::::::*

122

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::*

123

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*

124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*

125

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*

126

reference_url	https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php
reference_id	CVE-2019-0211
reference_type	exploit
scores
url	https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php

127

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php
reference_id	CVE-2019-0211
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php

128

reference_url

reference_id

CVE-2019-0211

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-0211.json

129

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0211

reference_id

CVE-2019-0211

reference_type

scores

value	7.2
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:C/I:C/A:C

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0211

130

reference_url

https://security.gentoo.org/glsa/201904-20

reference_id

GLSA-201904-20

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://security.gentoo.org/glsa/201904-20

131

reference_url

https://access.redhat.com/errata/RHSA-2019:0746

reference_id

RHSA-2019:0746

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://access.redhat.com/errata/RHSA-2019:0746

132

reference_url

https://access.redhat.com/errata/RHSA-2019:0980

reference_id

RHSA-2019:0980

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://access.redhat.com/errata/RHSA-2019:0980

133

reference_url

https://access.redhat.com/errata/RHSA-2019:1296

reference_id

RHSA-2019:1296

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://access.redhat.com/errata/RHSA-2019:1296

134

reference_url

https://access.redhat.com/errata/RHSA-2019:1297

reference_id

RHSA-2019:1297

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://access.redhat.com/errata/RHSA-2019:1297

135

reference_url

https://usn.ubuntu.com/3937-1/

reference_id

USN-3937-1

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/

url

https://usn.ubuntu.com/3937-1/

fixed_packages

url pkg:apache/httpd@2.4.39

purl pkg:apache/httpd@2.4.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.39

aliases CVE-2019-0211

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehv1-yvpu-ubcg

url VCID-f2y3-s6j8-7ygr

vulnerability_id VCID-f2y3-s6j8-7ygr

summary Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17567

reference_id

reference_type

scores

value	0.12438
scoring_system	epss
scoring_elements	0.93865
published_at	2026-04-01T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93903
published_at	2026-04-12T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93895
published_at	2026-04-08T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93898
published_at	2026-04-09T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93902
published_at	2026-04-13T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93874
published_at	2026-04-02T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93883
published_at	2026-04-04T12:55:00Z

value	0.12438
scoring_system	epss
scoring_elements	0.93886
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17567

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1966740
reference_id	1966740
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1966740

reference_url

reference_id

AVG-2053

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-17567.json

reference_url

reference_id

CVE-2019-17567

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-17567.json

reference_url	https://security.gentoo.org/glsa/202107-38
reference_id	GLSA-202107-38
reference_type
scores
url	https://security.gentoo.org/glsa/202107-38

reference_url	https://access.redhat.com/errata/RHSA-2021:4613
reference_id	RHSA-2021:4613
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4613

reference_url	https://access.redhat.com/errata/RHSA-2021:4614
reference_id	RHSA-2021:4614
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4614

fixed_packages

url pkg:apache/httpd@2.4.48

purl pkg:apache/httpd@2.4.48

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9u53-b79b-cfgd

vulnerability	VCID-db6k-j9mj-e7hy

vulnerability	VCID-mtg7-8556-kbgd

vulnerability	VCID-rdtq-8ng5-53fn

vulnerability	VCID-wrw6-uzz4-rkfb

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48

aliases CVE-2019-17567

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr

url VCID-fqem-96w3-rucb

vulnerability_id VCID-fqem-96w3-rucb

summary When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1312

reference_id

reference_type

scores

value	0.0728
scoring_system	epss
scoring_elements	0.91622
published_at	2026-04-01T12:55:00Z

value	0.0728
scoring_system	epss
scoring_elements	0.91663
published_at	2026-04-13T12:55:00Z

value	0.0728
scoring_system	epss
scoring_elements	0.91661
published_at	2026-04-09T12:55:00Z

value	0.0728
scoring_system	epss
scoring_elements	0.91664
published_at	2026-04-11T12:55:00Z

value	0.0728
scoring_system	epss
scoring_elements	0.91667
published_at	2026-04-12T12:55:00Z

value	0.0728
scoring_system	epss
scoring_elements	0.91629
published_at	2026-04-02T12:55:00Z

value	0.0728
scoring_system	epss
scoring_elements	0.91634
published_at	2026-04-04T12:55:00Z

value	0.0728
scoring_system	epss
scoring_elements	0.91642
published_at	2026-04-07T12:55:00Z

value	0.0728
scoring_system	epss
scoring_elements	0.91655
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560634
reference_id	1560634
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560634

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1312.json

reference_url

reference_id

CVE-2018-1312

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1312.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://access.redhat.com/errata/RHSA-2019:1898
reference_id	RHSA-2019:1898
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1898

reference_url	https://usn.ubuntu.com/3627-1/
reference_id	USN-3627-1
reference_type
scores
url	https://usn.ubuntu.com/3627-1/

reference_url	https://usn.ubuntu.com/3627-2/
reference_id	USN-3627-2
reference_type
scores
url	https://usn.ubuntu.com/3627-2/

reference_url	https://usn.ubuntu.com/3937-2/
reference_id	USN-3937-2
reference_type
scores
url	https://usn.ubuntu.com/3937-2/

fixed_packages

url pkg:apache/httpd@2.4.33

purl pkg:apache/httpd@2.4.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33

aliases CVE-2018-1312

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb

url VCID-fyrq-yg2u-jkc7

vulnerability_id VCID-fyrq-yg2u-jkc7

summary mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7679

reference_id

reference_type

scores

value	0.30062
scoring_system	epss
scoring_elements	0.96661
published_at	2026-04-13T12:55:00Z

value	0.31057
scoring_system	epss
scoring_elements	0.96725
published_at	2026-04-02T12:55:00Z

value	0.31057
scoring_system	epss
scoring_elements	0.96715
published_at	2026-04-01T12:55:00Z

value	0.31057
scoring_system	epss
scoring_elements	0.9673
published_at	2026-04-07T12:55:00Z

value	0.31057
scoring_system	epss
scoring_elements	0.96738
published_at	2026-04-08T12:55:00Z

value	0.31057
scoring_system	epss
scoring_elements	0.96739
published_at	2026-04-09T12:55:00Z

value	0.31057
scoring_system	epss
scoring_elements	0.96742
published_at	2026-04-12T12:55:00Z

value	0.31057
scoring_system	epss
scoring_elements	0.96726
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7679

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1463207
reference_id	1463207
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1463207

reference_url	https://security.archlinux.org/ASA-201706-34
reference_id	ASA-201706-34
reference_type
scores
url	https://security.archlinux.org/ASA-201706-34

reference_url

reference_id

AVG-316

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-7679.json

reference_url

reference_id

CVE-2017-7679

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-7679.json

reference_url	https://security.gentoo.org/glsa/201710-32
reference_id	GLSA-201710-32
reference_type
scores
url	https://security.gentoo.org/glsa/201710-32

reference_url	https://access.redhat.com/errata/RHSA-2017:2478
reference_id	RHSA-2017:2478
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2478

reference_url	https://access.redhat.com/errata/RHSA-2017:2479
reference_id	RHSA-2017:2479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2479

reference_url	https://access.redhat.com/errata/RHSA-2017:2483
reference_id	RHSA-2017:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2483

reference_url	https://access.redhat.com/errata/RHSA-2017:3193
reference_id	RHSA-2017:3193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3193

reference_url	https://access.redhat.com/errata/RHSA-2017:3194
reference_id	RHSA-2017:3194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3194

reference_url	https://access.redhat.com/errata/RHSA-2017:3195
reference_id	RHSA-2017:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3195

reference_url	https://access.redhat.com/errata/RHSA-2017:3475
reference_id	RHSA-2017:3475
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3475

reference_url	https://access.redhat.com/errata/RHSA-2017:3476
reference_id	RHSA-2017:3476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3476

reference_url	https://access.redhat.com/errata/RHSA-2017:3477
reference_id	RHSA-2017:3477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3477

reference_url	https://usn.ubuntu.com/3340-1/
reference_id	USN-3340-1
reference_type
scores
url	https://usn.ubuntu.com/3340-1/

reference_url	https://usn.ubuntu.com/3373-1/
reference_id	USN-3373-1
reference_type
scores
url	https://usn.ubuntu.com/3373-1/

fixed_packages

url pkg:apache/httpd@2.4.26

purl pkg:apache/httpd@2.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-khfr-kgtb-rfam

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26

aliases CVE-2017-7679

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7

url VCID-h6kk-81jx-h7b8

vulnerability_id VCID-h6kk-81jx-h7b8

summary Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10098

reference_id

reference_type

scores

value	0.80306
scoring_system	epss
scoring_elements	0.99111
published_at	2026-04-01T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.99114
published_at	2026-04-04T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.99119
published_at	2026-04-11T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.99117
published_at	2026-04-07T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.99112
published_at	2026-04-02T12:55:00Z

value	0.80306
scoring_system	epss
scoring_elements	0.9912
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpujan2020.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	http://www.openwall.com/lists/oss-security/2020/04/01/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2020/04/01/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743959
reference_id	1743959
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743959

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/
reference_id	CVE-2019-10098
reference_type	exploit
scores
url	https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md
reference_id	CVE-2019-10098
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md

reference_url

https://httpd.apache.org/security/json/CVE-2019-10098.json

reference_id

CVE-2019-10098

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10098.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10098

reference_id

CVE-2019-10098

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10098

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:2263
reference_id	RHSA-2020:2263
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2263

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:apache/httpd@2.4.41

purl pkg:apache/httpd@2.4.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.41

aliases CVE-2019-10098

risk_score 10.0

exploitability 2.0

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6kk-81jx-h7b8

url VCID-jt89-ruvk-1kbj

vulnerability_id VCID-jt89-ruvk-1kbj

summary The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9788

reference_id

reference_type

scores

value	0.52641
scoring_system	epss
scoring_elements	0.97921
published_at	2026-04-01T12:55:00Z

value	0.52641
scoring_system	epss
scoring_elements	0.97944
published_at	2026-04-13T12:55:00Z

value	0.52641
scoring_system	epss
scoring_elements	0.97934
published_at	2026-04-08T12:55:00Z

value	0.52641
scoring_system	epss
scoring_elements	0.97937
published_at	2026-04-09T12:55:00Z

value	0.52641
scoring_system	epss
scoring_elements	0.97941
published_at	2026-04-11T12:55:00Z

value	0.52641
scoring_system	epss
scoring_elements	0.97942
published_at	2026-04-12T12:55:00Z

value	0.52641
scoring_system	epss
scoring_elements	0.97924
published_at	2026-04-02T12:55:00Z

value	0.52641
scoring_system	epss
scoring_elements	0.97926
published_at	2026-04-04T12:55:00Z

value	0.52641
scoring_system	epss
scoring_elements	0.97929
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9788

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:N/A:P

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1470748
reference_id	1470748
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1470748

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467
reference_id	868467
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467

reference_url	https://security.archlinux.org/ASA-201707-15
reference_id	ASA-201707-15
reference_type
scores
url	https://security.archlinux.org/ASA-201707-15

reference_url

https://security.archlinux.org/AVG-350

reference_id

AVG-350

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-350

reference_url

https://httpd.apache.org/security/json/CVE-2017-9788.json

reference_id

CVE-2017-9788

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-9788.json

reference_url	https://security.gentoo.org/glsa/201710-32
reference_id	GLSA-201710-32
reference_type
scores
url	https://security.gentoo.org/glsa/201710-32

reference_url	https://access.redhat.com/errata/RHSA-2017:2478
reference_id	RHSA-2017:2478
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2478

reference_url	https://access.redhat.com/errata/RHSA-2017:2479
reference_id	RHSA-2017:2479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2479

reference_url	https://access.redhat.com/errata/RHSA-2017:2483
reference_id	RHSA-2017:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2483

reference_url	https://access.redhat.com/errata/RHSA-2017:2708
reference_id	RHSA-2017:2708
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2708

reference_url	https://access.redhat.com/errata/RHSA-2017:2709
reference_id	RHSA-2017:2709
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2709

reference_url	https://access.redhat.com/errata/RHSA-2017:2710
reference_id	RHSA-2017:2710
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2710

reference_url	https://access.redhat.com/errata/RHSA-2017:3193
reference_id	RHSA-2017:3193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3193

reference_url	https://access.redhat.com/errata/RHSA-2017:3194
reference_id	RHSA-2017:3194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3194

reference_url	https://access.redhat.com/errata/RHSA-2017:3195
reference_id	RHSA-2017:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3195

reference_url	https://access.redhat.com/errata/RHSA-2017:3239
reference_id	RHSA-2017:3239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3239

reference_url	https://access.redhat.com/errata/RHSA-2017:3240
reference_id	RHSA-2017:3240
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3240

reference_url	https://usn.ubuntu.com/3370-1/
reference_id	USN-3370-1
reference_type
scores
url	https://usn.ubuntu.com/3370-1/

reference_url	https://usn.ubuntu.com/3370-2/
reference_id	USN-3370-2
reference_type
scores
url	https://usn.ubuntu.com/3370-2/

fixed_packages

url pkg:apache/httpd@2.4.27

purl pkg:apache/httpd@2.4.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.27

aliases CVE-2017-9788

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj

url VCID-jzuw-73df-mfff

vulnerability_id VCID-jzuw-73df-mfff

summary A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1301

reference_id

reference_type

scores

value	0.07499
scoring_system	epss
scoring_elements	0.91755
published_at	2026-04-01T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91798
published_at	2026-04-13T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91797
published_at	2026-04-09T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.918
published_at	2026-04-11T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91802
published_at	2026-04-12T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91764
published_at	2026-04-02T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.9177
published_at	2026-04-04T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.91777
published_at	2026-04-07T12:55:00Z

value	0.07499
scoring_system	epss
scoring_elements	0.9179
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560643
reference_id	1560643
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560643

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1301.json

reference_url

reference_id

CVE-2018-1301

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1301.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://access.redhat.com/errata/RHSA-2020:1121
reference_id	RHSA-2020:1121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1121

reference_url	https://usn.ubuntu.com/3627-1/
reference_id	USN-3627-1
reference_type
scores
url	https://usn.ubuntu.com/3627-1/

reference_url	https://usn.ubuntu.com/3627-2/
reference_id	USN-3627-2
reference_type
scores
url	https://usn.ubuntu.com/3627-2/

reference_url	https://usn.ubuntu.com/3937-2/
reference_id	USN-3937-2
reference_type
scores
url	https://usn.ubuntu.com/3937-2/

fixed_packages

url pkg:apache/httpd@2.4.33

purl pkg:apache/httpd@2.4.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33

aliases CVE-2018-1301

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff

url VCID-pc2n-ga7g-byga

vulnerability_id VCID-pc2n-ga7g-byga

summary

Apache HTTP Server, prior to release 2.4.25 (and 2.2.32), accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated as whitespace and remained in the request field member "the_request", while a bare CR in the request header field name would be honored as whitespace, and a bare CR in the request header field value was retained the input headers array. Implied additional whitespace was accepted in the request line and prior to the ':' delimiter of any request header lines.
RFC7230 Section 3.5 calls out some of these whitespace exceptions, and section 3.2.3 eliminated and clarified the role of implied whitespace in the grammer of this specification. Section 3.1.1 requires exactly one single SP between the method and request-target, and between the request-target and HTTP-version, followed immediately by a CRLF sequence. None of these fields permit any (unencoded) CTL character whatsoever. Section 3.2.4 explicitly disallowed any whitespace from the request header field prior to the ':' character, while Section 3.2 disallows all CTL characters in the request header line other than the HTAB character as whitespace.
These defects represent a security concern when httpd is participating in any chain of proxies or interacting with back-end application servers, either through mod_proxy or using conventional CGI mechanisms. In each case where one agent accepts such CTL characters and does not treat them as whitespace, there is the possiblity in a proxy chain of generating two responses from a server behind the uncautious proxy agent. In a sequence of two requests, this results in request A to the first proxy being interpreted as requests A + A' by the backend server, and if requests A and B were submitted to the first proxy in a keepalive connection, the proxy may interpret response A' as the response to request B, polluting the cache or potentially serving the A' content to a different downstream user-agent.
These defects are addressed with the release of Apache HTTP Server 2.4.25 and coordinated by a new directive; HttpProtocolOptions Strict which is the default behavior of 2.4.25 and later.
By toggling from 'Strict' behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow some invalid HTTP/1.1 clients to communicate with the server, but this will reintroduce the possibility of the problems described in this assessment. Note that relaxing the behavior to 'Unsafe' will still not permit raw CTLs other than HTAB (where permitted), but will allow other RFC requirements to not be enforced, such as exactly two SP characters in the request line.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8743

reference_id

reference_type

scores

value	0.08406
scoring_system	epss
scoring_elements	0.92291
published_at	2026-04-01T12:55:00Z

value	0.08406
scoring_system	epss
scoring_elements	0.9233
published_at	2026-04-12T12:55:00Z

value	0.08406
scoring_system	epss
scoring_elements	0.92322
published_at	2026-04-09T12:55:00Z

value	0.08406
scoring_system	epss
scoring_elements	0.92328
published_at	2026-04-13T12:55:00Z

value	0.08406
scoring_system	epss
scoring_elements	0.92298
published_at	2026-04-02T12:55:00Z

value	0.08406
scoring_system	epss
scoring_elements	0.92304
published_at	2026-04-04T12:55:00Z

value	0.08406
scoring_system	epss
scoring_elements	0.92307
published_at	2026-04-07T12:55:00Z

value	0.08406
scoring_system	epss
scoring_elements	0.92318
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8743

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1406822
reference_id	1406822
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1406822

reference_url

https://httpd.apache.org/security/json/CVE-2016-8743.json

reference_id

CVE-2016-8743

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2016-8743.json

reference_url	https://security.gentoo.org/glsa/201701-36
reference_id	GLSA-201701-36
reference_type
scores
url	https://security.gentoo.org/glsa/201701-36

reference_url	https://access.redhat.com/errata/RHSA-2017:0906
reference_id	RHSA-2017:0906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0906

reference_url	https://access.redhat.com/errata/RHSA-2017:1161
reference_id	RHSA-2017:1161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1161

reference_url	https://access.redhat.com/errata/RHSA-2017:1413
reference_id	RHSA-2017:1413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1413

reference_url	https://access.redhat.com/errata/RHSA-2017:1414
reference_id	RHSA-2017:1414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1414

reference_url	https://access.redhat.com/errata/RHSA-2017:1415
reference_id	RHSA-2017:1415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1415

reference_url	https://access.redhat.com/errata/RHSA-2017:1721
reference_id	RHSA-2017:1721
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1721

reference_url	https://usn.ubuntu.com/3279-1/
reference_id	USN-3279-1
reference_type
scores
url	https://usn.ubuntu.com/3279-1/

reference_url	https://usn.ubuntu.com/3373-1/
reference_id	USN-3373-1
reference_type
scores
url	https://usn.ubuntu.com/3373-1/

fixed_packages

url pkg:apache/httpd@2.4.25

purl pkg:apache/httpd@2.4.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25

aliases CVE-2016-8743

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pc2n-ga7g-byga

url VCID-q5wm-suxb-jfeb

vulnerability_id VCID-q5wm-suxb-jfeb

summary The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15715

reference_id

reference_type

scores

value	0.94103
scoring_system	epss
scoring_elements	0.99909
published_at	2026-04-13T12:55:00Z

value	0.94103
scoring_system	epss
scoring_elements	0.99907
published_at	2026-04-08T12:55:00Z

value	0.94103
scoring_system	epss
scoring_elements	0.99908
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560614
reference_id	1560614
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560614

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-15715.json

reference_url

reference_id

CVE-2017-15715

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-15715.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://usn.ubuntu.com/3627-1/
reference_id	USN-3627-1
reference_type
scores
url	https://usn.ubuntu.com/3627-1/

reference_url	https://usn.ubuntu.com/3627-2/
reference_id	USN-3627-2
reference_type
scores
url	https://usn.ubuntu.com/3627-2/

fixed_packages

url pkg:apache/httpd@2.4.33

purl pkg:apache/httpd@2.4.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33

aliases CVE-2017-15715

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb

url VCID-qayj-kts9-3fde

vulnerability_id VCID-qayj-kts9-3fde

summary Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-3167

reference_id

reference_type

scores

value	0.10349
scoring_system	epss
scoring_elements	0.93162
published_at	2026-04-01T12:55:00Z

value	0.10349
scoring_system	epss
scoring_elements	0.93191
published_at	2026-04-13T12:55:00Z

value	0.10349
scoring_system	epss
scoring_elements	0.93183
published_at	2026-04-08T12:55:00Z

value	0.10349
scoring_system	epss
scoring_elements	0.93187
published_at	2026-04-09T12:55:00Z

value	0.10349
scoring_system	epss
scoring_elements	0.93192
published_at	2026-04-11T12:55:00Z

value	0.10349
scoring_system	epss
scoring_elements	0.9319
published_at	2026-04-12T12:55:00Z

value	0.10349
scoring_system	epss
scoring_elements	0.93172
published_at	2026-04-02T12:55:00Z

value	0.10349
scoring_system	epss
scoring_elements	0.93176
published_at	2026-04-04T12:55:00Z

value	0.10349
scoring_system	epss
scoring_elements	0.93174
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-3167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1463194
reference_id	1463194
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1463194

reference_url	https://security.archlinux.org/ASA-201706-34
reference_id	ASA-201706-34
reference_type
scores
url	https://security.archlinux.org/ASA-201706-34

reference_url

reference_id

AVG-316

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-3167.json

reference_url

reference_id

CVE-2017-3167

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2017-3167.json

reference_url	https://security.gentoo.org/glsa/201710-32
reference_id	GLSA-201710-32
reference_type
scores
url	https://security.gentoo.org/glsa/201710-32

reference_url	https://access.redhat.com/errata/RHSA-2017:2478
reference_id	RHSA-2017:2478
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2478

reference_url	https://access.redhat.com/errata/RHSA-2017:2479
reference_id	RHSA-2017:2479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2479

reference_url	https://access.redhat.com/errata/RHSA-2017:2483
reference_id	RHSA-2017:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:2483

reference_url	https://access.redhat.com/errata/RHSA-2017:3193
reference_id	RHSA-2017:3193
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3193

reference_url	https://access.redhat.com/errata/RHSA-2017:3194
reference_id	RHSA-2017:3194
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3194

reference_url	https://access.redhat.com/errata/RHSA-2017:3195
reference_id	RHSA-2017:3195
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3195

reference_url	https://access.redhat.com/errata/RHSA-2017:3475
reference_id	RHSA-2017:3475
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3475

reference_url	https://access.redhat.com/errata/RHSA-2017:3476
reference_id	RHSA-2017:3476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3476

reference_url	https://access.redhat.com/errata/RHSA-2017:3477
reference_id	RHSA-2017:3477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3477

reference_url	https://usn.ubuntu.com/3340-1/
reference_id	USN-3340-1
reference_type
scores
url	https://usn.ubuntu.com/3340-1/

reference_url	https://usn.ubuntu.com/3373-1/
reference_id	USN-3373-1
reference_type
scores
url	https://usn.ubuntu.com/3373-1/

fixed_packages

url pkg:apache/httpd@2.4.26

purl pkg:apache/httpd@2.4.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-khfr-kgtb-rfam

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26

aliases CVE-2017-3167

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde

url VCID-rfqy-e7pv-dyfy

vulnerability_id VCID-rfqy-e7pv-dyfy

summary Malicious input to mod_auth_digest will cause the server to crash, and each instance continues to crash even for subsequently valid requests.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2161.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2161.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2161

reference_id

reference_type

scores

value	0.33186
scoring_system	epss
scoring_elements	0.96873
published_at	2026-04-01T12:55:00Z

value	0.33186
scoring_system	epss
scoring_elements	0.96905
published_at	2026-04-13T12:55:00Z

value	0.33186
scoring_system	epss
scoring_elements	0.96902
published_at	2026-04-11T12:55:00Z

value	0.33186
scoring_system	epss
scoring_elements	0.96904
published_at	2026-04-12T12:55:00Z

value	0.33186
scoring_system	epss
scoring_elements	0.9688
published_at	2026-04-02T12:55:00Z

value	0.33186
scoring_system	epss
scoring_elements	0.96885
published_at	2026-04-04T12:55:00Z

value	0.33186
scoring_system	epss
scoring_elements	0.9689
published_at	2026-04-07T12:55:00Z

value	0.33186
scoring_system	epss
scoring_elements	0.96898
published_at	2026-04-08T12:55:00Z

value	0.33186
scoring_system	epss
scoring_elements	0.96899
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1406753
reference_id	1406753
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1406753

reference_url

https://httpd.apache.org/security/json/CVE-2016-2161.json

reference_id

CVE-2016-2161

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2016-2161.json

reference_url	https://security.gentoo.org/glsa/201701-36
reference_id	GLSA-201701-36
reference_type
scores
url	https://security.gentoo.org/glsa/201701-36

reference_url	https://access.redhat.com/errata/RHSA-2017:0906
reference_id	RHSA-2017:0906
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0906

reference_url	https://access.redhat.com/errata/RHSA-2017:1161
reference_id	RHSA-2017:1161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1161

reference_url	https://access.redhat.com/errata/RHSA-2017:1413
reference_id	RHSA-2017:1413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1413

reference_url	https://access.redhat.com/errata/RHSA-2017:1414
reference_id	RHSA-2017:1414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1414

reference_url	https://access.redhat.com/errata/RHSA-2017:1415
reference_id	RHSA-2017:1415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1415

reference_url	https://usn.ubuntu.com/3279-1/
reference_id	USN-3279-1
reference_type
scores
url	https://usn.ubuntu.com/3279-1/

fixed_packages

url pkg:apache/httpd@2.4.25

purl pkg:apache/httpd@2.4.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25

aliases CVE-2016-2161

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rfqy-e7pv-dyfy

url VCID-scf1-zmu7-e3b2

vulnerability_id VCID-scf1-zmu7-e3b2

summary A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1303

reference_id

reference_type

scores

value	0.40137
scoring_system	epss
scoring_elements	0.97315
published_at	2026-04-01T12:55:00Z

value	0.40137
scoring_system	epss
scoring_elements	0.97337
published_at	2026-04-13T12:55:00Z

value	0.40137
scoring_system	epss
scoring_elements	0.97333
published_at	2026-04-09T12:55:00Z

value	0.40137
scoring_system	epss
scoring_elements	0.97335
published_at	2026-04-11T12:55:00Z

value	0.40137
scoring_system	epss
scoring_elements	0.97336
published_at	2026-04-12T12:55:00Z

value	0.40137
scoring_system	epss
scoring_elements	0.97321
published_at	2026-04-02T12:55:00Z

value	0.40137
scoring_system	epss
scoring_elements	0.97325
published_at	2026-04-04T12:55:00Z

value	0.40137
scoring_system	epss
scoring_elements	0.97326
published_at	2026-04-07T12:55:00Z

value	0.40137
scoring_system	epss
scoring_elements	0.97332
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560399
reference_id	1560399
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560399

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1303.json

reference_url

reference_id

CVE-2018-1303

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2018-1303.json

reference_url	https://access.redhat.com/errata/RHSA-2019:0366
reference_id	RHSA-2019:0366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0366

reference_url	https://access.redhat.com/errata/RHSA-2019:0367
reference_id	RHSA-2019:0367
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0367

reference_url	https://access.redhat.com/errata/RHSA-2020:3958
reference_id	RHSA-2020:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3958

reference_url	https://usn.ubuntu.com/3627-1/
reference_id	USN-3627-1
reference_type
scores
url	https://usn.ubuntu.com/3627-1/

reference_url	https://usn.ubuntu.com/3627-2/
reference_id	USN-3627-2
reference_type
scores
url	https://usn.ubuntu.com/3627-2/

fixed_packages

url pkg:apache/httpd@2.4.33

purl pkg:apache/httpd@2.4.33

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-7vfk-1dwm-xbbt

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-qc9j-x576-ayc1

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33

aliases CVE-2018-1303

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2

url VCID-tkm7-pyue-7ffj

vulnerability_id VCID-tkm7-pyue-7ffj

summary The HTTP/2 protocol implementation (mod_http2) had an incomplete handling of the LimitRequestFields directive. This allowed an attacker to inject unlimited request headers into the server, leading to eventual memory exhaustion.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8740.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8740.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-8740

reference_id

reference_type

scores

value	0.68259
scoring_system	epss
scoring_elements	0.98589
published_at	2026-04-01T12:55:00Z

value	0.68259
scoring_system	epss
scoring_elements	0.98603
published_at	2026-04-13T12:55:00Z

value	0.68259
scoring_system	epss
scoring_elements	0.98601
published_at	2026-04-11T12:55:00Z

value	0.68259
scoring_system	epss
scoring_elements	0.98602
published_at	2026-04-12T12:55:00Z

value	0.68259
scoring_system	epss
scoring_elements	0.9859
published_at	2026-04-02T12:55:00Z

value	0.68259
scoring_system	epss
scoring_elements	0.98594
published_at	2026-04-04T12:55:00Z

value	0.68259
scoring_system	epss
scoring_elements	0.98595
published_at	2026-04-07T12:55:00Z

value	0.68259
scoring_system	epss
scoring_elements	0.98598
published_at	2026-04-08T12:55:00Z

value	0.68259
scoring_system	epss
scoring_elements	0.98599
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-8740

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1401528
reference_id	1401528
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1401528

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847124
reference_id	847124
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847124

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40909.py
reference_id	CVE-2016-8740
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40909.py

reference_url

https://httpd.apache.org/security/json/CVE-2016-8740.json

reference_id

CVE-2016-8740

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2016-8740.json

reference_url	https://security.gentoo.org/glsa/201701-36
reference_id	GLSA-201701-36
reference_type
scores
url	https://security.gentoo.org/glsa/201701-36

reference_url	https://access.redhat.com/errata/RHSA-2017:1161
reference_id	RHSA-2017:1161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1161

reference_url	https://access.redhat.com/errata/RHSA-2017:1413
reference_id	RHSA-2017:1413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1413

reference_url	https://access.redhat.com/errata/RHSA-2017:1414
reference_id	RHSA-2017:1414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1414

reference_url	https://access.redhat.com/errata/RHSA-2017:1415
reference_id	RHSA-2017:1415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1415

fixed_packages

url pkg:apache/httpd@2.4.25

purl pkg:apache/httpd@2.4.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25

aliases CVE-2016-8740

risk_score 10.0

exploitability 2.0

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tkm7-pyue-7ffj

url VCID-uwqg-yytc-vfae

vulnerability_id VCID-uwqg-yytc-vfae

summary When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0220

reference_id

reference_type

scores

value	0.20275
scoring_system	epss
scoring_elements	0.95478
published_at	2026-04-01T12:55:00Z

value	0.20275
scoring_system	epss
scoring_elements	0.95514
published_at	2026-04-13T12:55:00Z

value	0.20275
scoring_system	epss
scoring_elements	0.95507
published_at	2026-04-09T12:55:00Z

value	0.20275
scoring_system	epss
scoring_elements	0.95512
published_at	2026-04-11T12:55:00Z

value	0.20275
scoring_system	epss
scoring_elements	0.95513
published_at	2026-04-12T12:55:00Z

value	0.20275
scoring_system	epss
scoring_elements	0.95488
published_at	2026-04-02T12:55:00Z

value	0.20275
scoring_system	epss
scoring_elements	0.95494
published_at	2026-04-04T12:55:00Z

value	0.20275
scoring_system	epss
scoring_elements	0.95498
published_at	2026-04-07T12:55:00Z

value	0.20275
scoring_system	epss
scoring_elements	0.95505
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0220

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1695036
reference_id	1695036
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1695036

reference_url	https://security.archlinux.org/ASA-201904-3
reference_id	ASA-201904-3
reference_type
scores
url	https://security.archlinux.org/ASA-201904-3

reference_url

reference_id

AVG-946

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-0220.json

reference_url

reference_id

CVE-2019-0220

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-0220.json

reference_url	https://access.redhat.com/errata/RHSA-2019:2343
reference_id	RHSA-2019:2343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2343

reference_url	https://access.redhat.com/errata/RHSA-2019:3436
reference_id	RHSA-2019:3436
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3436

reference_url	https://access.redhat.com/errata/RHSA-2019:4126
reference_id	RHSA-2019:4126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4126

reference_url	https://access.redhat.com/errata/RHSA-2020:0250
reference_id	RHSA-2020:0250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0250

reference_url	https://access.redhat.com/errata/RHSA-2020:0251
reference_id	RHSA-2020:0251
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0251

reference_url	https://usn.ubuntu.com/3937-1/
reference_id	USN-3937-1
reference_type
scores
url	https://usn.ubuntu.com/3937-1/

fixed_packages

url pkg:apache/httpd@2.4.39

purl pkg:apache/httpd@2.4.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.39

aliases CVE-2019-0220

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqg-yytc-vfae

url VCID-v41h-pbbe-zfas

vulnerability_id VCID-v41h-pbbe-zfas

summary HTTP/2 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10081.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10081

reference_id

reference_type

scores

value	0.28784
scoring_system	epss
scoring_elements	0.96516
published_at	2026-04-01T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96549
published_at	2026-04-13T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96544
published_at	2026-04-09T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96546
published_at	2026-04-12T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96525
published_at	2026-04-02T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96529
published_at	2026-04-04T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96533
published_at	2026-04-07T12:55:00Z

value	0.28784
scoring_system	epss
scoring_elements	0.96542
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1743966
reference_id	1743966
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1743966

reference_url

https://httpd.apache.org/security/json/CVE-2019-10081.json

reference_id

CVE-2019-10081

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-10081.json

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2020:1336
reference_id	RHSA-2020:1336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1336

reference_url	https://access.redhat.com/errata/RHSA-2020:1337
reference_id	RHSA-2020:1337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1337

reference_url	https://access.redhat.com/errata/RHSA-2020:4751
reference_id	RHSA-2020:4751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4751

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:apache/httpd@2.4.41

purl pkg:apache/httpd@2.4.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.41

aliases CVE-2019-10081

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v41h-pbbe-zfas

url VCID-w6p6-u8ku-k3f6

vulnerability_id VCID-w6p6-u8ku-k3f6

summary In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0217

reference_id

reference_type

scores

value	0.43022
scoring_system	epss
scoring_elements	0.97464
published_at	2026-04-01T12:55:00Z

value	0.43022
scoring_system	epss
scoring_elements	0.97488
published_at	2026-04-13T12:55:00Z

value	0.43022
scoring_system	epss
scoring_elements	0.97475
published_at	2026-04-07T12:55:00Z

value	0.43022
scoring_system	epss
scoring_elements	0.97481
published_at	2026-04-08T12:55:00Z

value	0.43022
scoring_system	epss
scoring_elements	0.97482
published_at	2026-04-09T12:55:00Z

value	0.43022
scoring_system	epss
scoring_elements	0.97485
published_at	2026-04-11T12:55:00Z

value	0.43022
scoring_system	epss
scoring_elements	0.97487
published_at	2026-04-12T12:55:00Z

value	0.43022
scoring_system	epss
scoring_elements	0.97471
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://httpd.apache.org/security/vulnerabilities_24.html
reference_id
reference_type
scores
url	https://httpd.apache.org/security/vulnerabilities_24.html

reference_url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/

reference_url	https://seclists.org/bugtraq/2019/Apr/5
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Apr/5

reference_url	https://security.netapp.com/advisory/ntap-20190423-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190423-0001/

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

reference_url	https://www.debian.org/security/2019/dsa-4422
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4422

reference_url	https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

reference_url	http://www.openwall.com/lists/oss-security/2019/04/02/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/04/02/5

reference_url	http://www.securityfocus.com/bid/107668
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107668

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1695020
reference_id	1695020
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1695020

reference_url	https://security.archlinux.org/ASA-201904-3
reference_id	ASA-201904-3
reference_type
scores
url	https://security.archlinux.org/ASA-201904-3

reference_url

reference_id

AVG-946

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-0217.json

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::
reference_id	cpe:2.3:a:apache:http_server::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::
reference_id	cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
reference_id	cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_id	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:::::::*
reference_id	cpe:2.3:o:netapp:clustered_data_ontap:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

reference_id

CVE-2019-0217

reference_type

scores

value	important
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-0217.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0217

reference_id

CVE-2019-0217

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0217

reference_url	https://access.redhat.com/errata/RHSA-2019:2343
reference_id	RHSA-2019:2343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2343

reference_url	https://access.redhat.com/errata/RHSA-2019:3436
reference_id	RHSA-2019:3436
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3436

reference_url	https://access.redhat.com/errata/RHSA-2019:3932
reference_id	RHSA-2019:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3932

reference_url	https://access.redhat.com/errata/RHSA-2019:3933
reference_id	RHSA-2019:3933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3933

reference_url	https://access.redhat.com/errata/RHSA-2019:3935
reference_id	RHSA-2019:3935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3935

reference_url	https://access.redhat.com/errata/RHSA-2019:4126
reference_id	RHSA-2019:4126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:4126

reference_url	https://usn.ubuntu.com/3937-1/
reference_id	USN-3937-1
reference_type
scores
url	https://usn.ubuntu.com/3937-1/

reference_url	https://usn.ubuntu.com/3937-2/
reference_id	USN-3937-2
reference_type
scores
url	https://usn.ubuntu.com/3937-2/

fixed_packages

url pkg:apache/httpd@2.4.39

purl pkg:apache/httpd@2.4.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-t67v-c4gx-ukbj

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.39

aliases CVE-2019-0217

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6

url VCID-wgte-97r1-j7a9

vulnerability_id VCID-wgte-97r1-j7a9

summary For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11985.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11985.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11985

reference_id

reference_type

scores

value	0.15318
scoring_system	epss
scoring_elements	0.94596
published_at	2026-04-01T12:55:00Z

value	0.15318
scoring_system	epss
scoring_elements	0.94633
published_at	2026-04-13T12:55:00Z

value	0.15318
scoring_system	epss
scoring_elements	0.94626
published_at	2026-04-09T12:55:00Z

value	0.15318
scoring_system	epss
scoring_elements	0.9463
published_at	2026-04-11T12:55:00Z

value	0.15318
scoring_system	epss
scoring_elements	0.94603
published_at	2026-04-02T12:55:00Z

value	0.15318
scoring_system	epss
scoring_elements	0.9461
published_at	2026-04-04T12:55:00Z

value	0.15318
scoring_system	epss
scoring_elements	0.94611
published_at	2026-04-07T12:55:00Z

value	0.15318
scoring_system	epss
scoring_elements	0.94621
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11985

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11985
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11985

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1866559
reference_id	1866559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1866559

reference_url

https://httpd.apache.org/security/json/CVE-2020-11985.json

reference_id

CVE-2020-11985

reference_type

scores

value	low
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-11985.json

reference_url	https://security.gentoo.org/glsa/202008-04
reference_id	GLSA-202008-04
reference_type
scores
url	https://security.gentoo.org/glsa/202008-04

reference_url	https://access.redhat.com/errata/RHSA-2017:1161
reference_id	RHSA-2017:1161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1161

fixed_packages

url pkg:apache/httpd@2.4.25

purl pkg:apache/httpd@2.4.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1189-ej89-hybs

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-3djp-gq4c-1fa9

vulnerability	VCID-5bej-9h7w-33c8

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-6vxq-uxxw-ybeh

vulnerability	VCID-7u2r-egf2-vfhx

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9qdr-1v39-d7b7

vulnerability	VCID-9vzm-qtye-ufh2

vulnerability	VCID-a9rw-3s1y-hqd7

vulnerability	VCID-apfh-r85v-dbhz

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-ct26-19cq-8kd7

vulnerability	VCID-e3jc-83a7-8uhh

vulnerability	VCID-eesz-v6ae-gya3

vulnerability	VCID-ehv1-yvpu-ubcg

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-fqem-96w3-rucb

vulnerability	VCID-fyrq-yg2u-jkc7

vulnerability	VCID-h6kk-81jx-h7b8

vulnerability	VCID-jt89-ruvk-1kbj

vulnerability	VCID-jzuw-73df-mfff

vulnerability	VCID-q5wm-suxb-jfeb

vulnerability	VCID-qayj-kts9-3fde

vulnerability	VCID-scf1-zmu7-e3b2

vulnerability	VCID-twj7-4qwm-2khv

vulnerability	VCID-uwqg-yytc-vfae

vulnerability	VCID-v41h-pbbe-zfas

vulnerability	VCID-w6p6-u8ku-k3f6

vulnerability	VCID-wshe-gf99-tbg6

vulnerability	VCID-y3k1-c4rn-xbc2

vulnerability	VCID-yz3c-arnr-y3cs

vulnerability	VCID-zc2p-sfu7-jkhc

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25

aliases CVE-2020-11985

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgte-97r1-j7a9

url VCID-y3k1-c4rn-xbc2

vulnerability_id VCID-y3k1-c4rn-xbc2

summary A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9517

reference_id

reference_type

scores

value	0.04564
scoring_system	epss
scoring_elements	0.89159
published_at	2026-04-02T12:55:00Z

value	0.04564
scoring_system	epss
scoring_elements	0.89153
published_at	2026-04-01T12:55:00Z

value	0.05964
scoring_system	epss
scoring_elements	0.90652
published_at	2026-04-13T12:55:00Z

value	0.05964
scoring_system	epss
scoring_elements	0.90648
published_at	2026-04-09T12:55:00Z

value	0.05964
scoring_system	epss
scoring_elements	0.90657
published_at	2026-04-12T12:55:00Z

value	0.05964
scoring_system	epss
scoring_elements	0.90624
published_at	2026-04-04T12:55:00Z

value	0.05964
scoring_system	epss
scoring_elements	0.90631
published_at	2026-04-07T12:55:00Z

value	0.05964
scoring_system	epss
scoring_elements	0.90643
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9517

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1741868
reference_id	1741868
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1741868

reference_url

https://httpd.apache.org/security/json/CVE-2019-9517.json

reference_id

CVE-2019-9517

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2019-9517.json

reference_url	https://security.gentoo.org/glsa/201909-04
reference_id	GLSA-201909-04
reference_type
scores
url	https://security.gentoo.org/glsa/201909-04

reference_url	https://access.redhat.com/errata/RHSA-2019:2893
reference_id	RHSA-2019:2893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2893

reference_url	https://access.redhat.com/errata/RHSA-2019:2946
reference_id	RHSA-2019:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2946

reference_url	https://access.redhat.com/errata/RHSA-2019:2949
reference_id	RHSA-2019:2949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2949

reference_url	https://access.redhat.com/errata/RHSA-2019:2950
reference_id	RHSA-2019:2950
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2950

reference_url	https://access.redhat.com/errata/RHSA-2019:3932
reference_id	RHSA-2019:3932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3932

reference_url	https://access.redhat.com/errata/RHSA-2019:3933
reference_id	RHSA-2019:3933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3933

reference_url	https://access.redhat.com/errata/RHSA-2019:3935
reference_id	RHSA-2019:3935
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3935

reference_url	https://access.redhat.com/errata/RHSA-2020:0922
reference_id	RHSA-2020:0922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0922

reference_url	https://access.redhat.com/errata/RHSA-2020:0983
reference_id	RHSA-2020:0983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0983

reference_url	https://access.redhat.com/errata/RHSA-2020:1445
reference_id	RHSA-2020:1445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1445

reference_url	https://usn.ubuntu.com/4113-1/
reference_id	USN-4113-1
reference_type
scores
url	https://usn.ubuntu.com/4113-1/

fixed_packages

url pkg:apache/httpd@2.4.41

purl pkg:apache/httpd@2.4.41

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17hy-4ppt-xyhw

vulnerability	VCID-5xrt-1n1q-4bey

vulnerability	VCID-66k7-maf9-dfcd

vulnerability	VCID-91u7-vh6n-v7fm

vulnerability	VCID-9ych-ybpr-j3h6

vulnerability	VCID-auhk-ppv5-buaa

vulnerability	VCID-bvkg-nrwd-e7g8

vulnerability	VCID-f2y3-s6j8-7ygr

vulnerability	VCID-g6xr-qtwz-2yaq

resource_url http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.41

aliases CVE-2019-9517

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y3k1-c4rn-xbc2

url VCID-yz3c-arnr-y3cs

vulnerability_id VCID-yz3c-arnr-y3cs

summary

In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.
Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11993.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11993.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11993

reference_id

reference_type

scores

value	0.33361
scoring_system	epss
scoring_elements	0.96887
published_at	2026-04-01T12:55:00Z

value	0.33361
scoring_system	epss
scoring_elements	0.96919
published_at	2026-04-13T12:55:00Z

value	0.33361
scoring_system	epss
scoring_elements	0.96916
published_at	2026-04-11T12:55:00Z

value	0.33361
scoring_system	epss
scoring_elements	0.96918
published_at	2026-04-12T12:55:00Z

value	0.33361
scoring_system	epss
scoring_elements	0.96894
published_at	2026-04-02T12:55:00Z

value	0.33361
scoring_system	epss
scoring_elements	0.96899
published_at	2026-04-04T12:55:00Z

value	0.33361
scoring_system	epss
scoring_elements	0.96904
published_at	2026-04-07T12:55:00Z

value	0.33361
scoring_system	epss
scoring_elements	0.96912
published_at	2026-04-08T12:55:00Z

value	0.33361
scoring_system	epss
scoring_elements	0.96914
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1866564
reference_id	1866564
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1866564

reference_url

https://httpd.apache.org/security/json/CVE-2020-11993.json

reference_id

CVE-2020-11993

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2020-11993.json

reference_url	https://security.gentoo.org/glsa/202008-04
reference_id	GLSA-202008-04
reference_type
scores
url	https://security.gentoo.org/glsa/202008-04

reference_url	https://access.redhat.com/errata/RHSA-2020:4383
reference_id	RHSA-2020:4383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4383

reference_url	https://access.redhat.com/errata/RHSA-2020:4384
reference_id	RHSA-2020:4384
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4384

reference_url	https://access.redhat.com/errata/RHSA-2021:1809
reference_id	RHSA-2021:1809
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1809

reference_url	https://usn.ubuntu.com/4458-1/
reference_id	USN-4458-1
reference_type
scores
url	https://usn.ubuntu.com/4458-1/

fixed_packages

url	pkg:apache/httpd@2.4.44
purl	pkg:apache/httpd@2.4.44
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.44

aliases CVE-2020-11993

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz3c-arnr-y3cs

url VCID-zc2p-sfu7-jkhc

vulnerability_id VCID-zc2p-sfu7-jkhc

summary mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15710

reference_id

reference_type

scores

value	0.08002
scoring_system	epss
scoring_elements	0.92065
published_at	2026-04-01T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92105
published_at	2026-04-12T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92097
published_at	2026-04-08T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.921
published_at	2026-04-13T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92104
published_at	2026-04-11T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92072
published_at	2026-04-02T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.9208
published_at	2026-04-04T12:55:00Z

value	0.08002
scoring_system	epss
scoring_elements	0.92085
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1560599
reference_id	1560599
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1560599

reference_url	https://security.archlinux.org/ASA-201804-4
reference_id	ASA-201804-4
reference_type
scores
url	https://security.archlinux.org/ASA-201804-4

reference_url

reference_id

AVG-664

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url