{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","type":"apache","namespace":"","name":"httpd","version":"2.4.48","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.54","latest_non_vulnerable_version":"2.4.54","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3817?format=json","vulnerability_id":"VCID-9u53-b79b-cfgd","summary":"Malformed requests may cause the server to dereference a NULL pointer.\n\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34798","reference_id":"","reference_type":"","scores":[{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93255","published_at":"2026-05-14T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93221","published_at":"2026-05-07T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93231","published_at":"2026-05-11T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93238","published_at":"2026-05-12T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93151","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93162","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93166","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93172","published_at":"2026-04-11T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93169","published_at":"2026-04-12T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93187","published_at":"2026-04-16T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93191","published_at":"2026-04-18T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.932","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93205","published_at":"2026-04-24T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93204","published_at":"2026-04-26T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93201","published_at":"2026-04-29T12:55:00Z"},{"value":"0.1029","scoring_system":"epss","scoring_elements":"0.93207","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005128","reference_id":"2005128","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005128"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-34798.json","reference_id":"CVE-2021-34798","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-34798.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0891","reference_id":"RHSA-2022:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/565?format=json","purl":"pkg:apache/httpd@2.4.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"},{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49"}],"aliases":["CVE-2021-34798"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3816?format=json","vulnerability_id":"VCID-db6k-j9mj-e7hy","summary":"A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.\n\nThis issue affects Apache HTTP Server 2.4.17 to 2.4.48.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33193","reference_id":"","reference_type":"","scores":[{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68634","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.6858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00569","scoring_system":"epss","scoring_elements":"0.68629","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69792","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69863","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69836","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69866","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69913","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69818","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.729","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72839","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72846","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72866","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72841","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72879","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72892","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72917","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72934","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72943","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966728","reference_id":"1966728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966728"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-33193.json","reference_id":"CVE-2021-33193","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-33193.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/565?format=json","purl":"pkg:apache/httpd@2.4.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"},{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49"}],"aliases":["CVE-2021-33193"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3820?format=json","vulnerability_id":"VCID-mtg7-8556-kbgd","summary":"A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40438","reference_id":"","reference_type":"","scores":[{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99985","published_at":"2026-05-11T12:55:00Z"},{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99986","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94432","scoring_system":"epss","scoring_elements":"0.99984","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005117","reference_id":"2005117","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005117"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ","reference_id":"cisco-sa-apache-httpd-2.4.49-VWL69sWQ","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-40438.json","reference_id":"CVE-2021-40438","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-40438.json"},{"reference_url":"https://www.debian.org/security/2021/dsa-4982","reference_id":"dsa-4982","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://www.debian.org/security/2021/dsa-4982"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211008-0004/","reference_id":"ntap-20211008-0004","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211008-0004/"},{"reference_url":"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","reference_id":"r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","reference_id":"r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","reference_id":"r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","reference_id":"r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","reference_id":"r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","reference_id":"r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","reference_id":"rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3745","reference_id":"RHSA-2021:3745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3746","reference_id":"RHSA-2021:3746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3754","reference_id":"RHSA-2021:3754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3816","reference_id":"RHSA-2021:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3836","reference_id":"RHSA-2021:3836","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3836"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3837","reference_id":"RHSA-2021:3837","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3856","reference_id":"RHSA-2021:3856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3856"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/","reference_id":"SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf","reference_id":"ssa-685781.pdf","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"},{"reference_url":"https://www.tenable.com/security/tns-2021-17","reference_id":"tns-2021-17","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://www.tenable.com/security/tns-2021-17"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/","reference_id":"ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/565?format=json","purl":"pkg:apache/httpd@2.4.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"},{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49"}],"aliases":["CVE-2021-40438"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3818?format=json","vulnerability_id":"VCID-rdtq-8ng5-53fn","summary":"A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36160","reference_id":"","reference_type":"","scores":[{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8792","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.88013","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.88006","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87943","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87947","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87968","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87974","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87985","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87978","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.8799","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03716","scoring_system":"epss","scoring_elements":"0.87991","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89452","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89423","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89421","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89431","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89382","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89391","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04687","scoring_system":"epss","scoring_elements":"0.89409","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005124","reference_id":"2005124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005124"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-36160.json","reference_id":"CVE-2021-36160","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-36160.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/565?format=json","purl":"pkg:apache/httpd@2.4.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"},{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49"}],"aliases":["CVE-2021-36160"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3819?format=json","vulnerability_id":"VCID-wrw6-uzz4-rkfb","summary":"ap_escape_quotes() may write beyond the end of a buffer when given malicious input.  \nNo included modules pass untrusted data to these functions, but third-party / external modules may.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39275","reference_id":"","reference_type":"","scores":[{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97171","published_at":"2026-04-01T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97247","published_at":"2026-05-14T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97229","published_at":"2026-05-09T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97235","published_at":"2026-05-11T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.9724","published_at":"2026-05-12T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97177","published_at":"2026-04-02T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97183","published_at":"2026-04-07T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97193","published_at":"2026-04-08T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97194","published_at":"2026-04-09T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97199","published_at":"2026-04-13T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97209","published_at":"2026-04-18T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-04-24T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97214","published_at":"2026-04-26T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97215","published_at":"2026-04-29T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.9722","published_at":"2026-05-05T12:55:00Z"},{"value":"0.37674","scoring_system":"epss","scoring_elements":"0.97225","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005119","reference_id":"2005119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005119"},{"reference_url":"https://security.archlinux.org/AVG-2289","reference_id":"AVG-2289","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2289"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-39275.json","reference_id":"CVE-2021-39275","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-39275.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0891","reference_id":"RHSA-2022:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6753","reference_id":"RHSA-2022:6753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"},{"reference_url":"https://usn.ubuntu.com/5090-1/","reference_id":"USN-5090-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-1/"},{"reference_url":"https://usn.ubuntu.com/5090-2/","reference_id":"USN-5090-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5090-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/565?format=json","purl":"pkg:apache/httpd@2.4.49","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ffpe-1ctd-77e9"},{"vulnerability":"VCID-hj5r-jms3-x3fe"},{"vulnerability":"VCID-qn74-neyt-jkg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.49"}],"aliases":["CVE-2021-39275"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3813?format=json","vulnerability_id":"VCID-17hy-4ppt-xyhw","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26691","reference_id":"","reference_type":"","scores":[{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97365","published_at":"2026-04-29T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97361","published_at":"2026-04-26T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97332","published_at":"2026-04-02T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97336","published_at":"2026-04-07T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97343","published_at":"2026-04-08T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97344","published_at":"2026-04-09T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97346","published_at":"2026-04-11T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97347","published_at":"2026-04-12T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97356","published_at":"2026-04-16T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.9736","published_at":"2026-04-24T12:55:00Z"},{"value":"0.40357","scoring_system":"epss","scoring_elements":"0.97359","published_at":"2026-04-18T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97745","published_at":"2026-05-14T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.9773","published_at":"2026-05-07T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97732","published_at":"2026-05-11T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97737","published_at":"2026-05-12T12:55:00Z"},{"value":"0.47816","scoring_system":"epss","scoring_elements":"0.97728","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966732","reference_id":"1966732","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966732"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-26691.json","reference_id":"CVE-2021-26691","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-26691.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3816","reference_id":"RHSA-2021:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0143","reference_id":"RHSA-2022:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0143"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}],"aliases":["CVE-2021-26691"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3811?format=json","vulnerability_id":"VCID-66k7-maf9-dfcd","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35452","reference_id":"","reference_type":"","scores":[{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93241","published_at":"2026-05-12T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93234","published_at":"2026-05-11T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93258","published_at":"2026-05-14T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93204","published_at":"2026-04-29T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.9321","published_at":"2026-05-05T12:55:00Z"},{"value":"0.10294","scoring_system":"epss","scoring_elements":"0.93224","published_at":"2026-05-07T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.9332","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93319","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93337","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93342","published_at":"2026-04-18T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93349","published_at":"2026-04-26T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93353","published_at":"2026-04-24T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93318","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93297","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93302","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93311","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10695","scoring_system":"epss","scoring_elements":"0.93315","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966724","reference_id":"1966724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966724"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-35452.json","reference_id":"CVE-2020-35452","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-35452.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1915","reference_id":"RHSA-2022:1915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1915"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}],"aliases":["CVE-2020-35452"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3815?format=json","vulnerability_id":"VCID-6b7y-562y-suce","summary":"Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected  mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31618","reference_id":"","reference_type":"","scores":[{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93503","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.934","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93416","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93392","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93419","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93491","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93484","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93485","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93474","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93461","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93455","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.9346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93456","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.9345","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93445","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93425","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11001","scoring_system":"epss","scoring_elements":"0.93408","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968013","reference_id":"1968013","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968013"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/13/2","reference_id":"2","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/13/2"},{"reference_url":"https://seclists.org/oss-sec/2021/q2/206","reference_id":"206","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://seclists.org/oss-sec/2021/q2/206"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/","reference_id":"2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/06/10/9","reference_id":"9","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/06/10/9"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562","reference_id":"989562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/","reference_id":"A73QJ4HPUMU26I6EULG6SCK67TUEXZYR","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/"},{"reference_url":"https://security.archlinux.org/ASA-202106-23","reference_id":"ASA-202106-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-23"},{"reference_url":"https://security.archlinux.org/AVG-2041","reference_id":"AVG-2041","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2041"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-31618.json","reference_id":"CVE-2021-31618","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-31618.json"},{"reference_url":"https://www.debian.org/security/2021/dsa-4937","reference_id":"dsa-4937","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://www.debian.org/security/2021/dsa-4937"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210727-0008/","reference_id":"ntap-20210727-0008","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210727-0008/"},{"reference_url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E","reference_id":"r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E","reference_id":"r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/"}],"url":"https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}],"aliases":["CVE-2021-31618"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3809?format=json","vulnerability_id":"VCID-91u7-vh6n-v7fm","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13938","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21778","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21628","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21943","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21997","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21761","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21839","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21894","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21808","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21811","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21818","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21634","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21782","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32432","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32343","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32365","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32364","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32426","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32438","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13938"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970006","reference_id":"1970006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970006"},{"reference_url":"https://security.archlinux.org/AVG-2054","reference_id":"AVG-2054","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2054"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-13938.json","reference_id":"CVE-2020-13938","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-13938.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}],"aliases":["CVE-2020-13938"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3810?format=json","vulnerability_id":"VCID-9ych-ybpr-j3h6","summary":"Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13950","reference_id":"","reference_type":"","scores":[{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95684","published_at":"2026-04-01T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95779","published_at":"2026-05-14T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95755","published_at":"2026-05-09T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95761","published_at":"2026-05-11T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95765","published_at":"2026-05-12T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95693","published_at":"2026-04-02T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.9571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95714","published_at":"2026-04-09T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95717","published_at":"2026-04-11T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95716","published_at":"2026-04-12T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95718","published_at":"2026-04-13T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95727","published_at":"2026-04-16T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95732","published_at":"2026-04-29T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95734","published_at":"2026-04-26T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95747","published_at":"2026-05-05T12:55:00Z"},{"value":"0.21543","scoring_system":"epss","scoring_elements":"0.95749","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966738","reference_id":"1966738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966738"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-13950.json","reference_id":"CVE-2020-13950","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-13950.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5163","reference_id":"RHSA-2022:5163","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5163"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}],"aliases":["CVE-2020-13950"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3812?format=json","vulnerability_id":"VCID-bvkg-nrwd-e7g8","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26690","reference_id":"","reference_type":"","scores":[{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.9859","published_at":"2026-05-14T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98586","published_at":"2026-05-11T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98587","published_at":"2026-05-12T12:55:00Z"},{"value":"0.67416","scoring_system":"epss","scoring_elements":"0.98585","published_at":"2026-05-05T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98685","published_at":"2026-04-12T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98689","published_at":"2026-04-16T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98695","published_at":"2026-04-24T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98697","published_at":"2026-04-26T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98698","published_at":"2026-04-29T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98687","published_at":"2026-04-13T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98675","published_at":"2026-04-02T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98681","published_at":"2026-04-07T12:55:00Z"},{"value":"0.70379","scoring_system":"epss","scoring_elements":"0.98682","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966729","reference_id":"1966729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966729"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-26690.json","reference_id":"CVE-2021-26690","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-26690.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4257","reference_id":"RHSA-2021:4257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}],"aliases":["CVE-2021-26690"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3802?format=json","vulnerability_id":"VCID-f2y3-s6j8-7ygr","summary":"Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17567","reference_id":"","reference_type":"","scores":[{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93865","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93987","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93963","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93969","published_at":"2026-05-11T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93973","published_at":"2026-05-12T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93883","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93886","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93895","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93898","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93924","published_at":"2026-04-16T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.9393","published_at":"2026-04-21T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93933","published_at":"2026-04-24T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93932","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93931","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93941","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12438","scoring_system":"epss","scoring_elements":"0.93952","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966740","reference_id":"1966740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966740"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-17567.json","reference_id":"CVE-2019-17567","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-17567.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}],"aliases":["CVE-2019-17567"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3814?format=json","vulnerability_id":"VCID-g6xr-qtwz-2yaq","summary":"Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30641","reference_id":"","reference_type":"","scores":[{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97082","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97162","published_at":"2026-05-14T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97144","published_at":"2026-05-09T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97149","published_at":"2026-05-11T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97155","published_at":"2026-05-12T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97095","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.9711","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97119","published_at":"2026-04-16T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97122","published_at":"2026-04-18T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97127","published_at":"2026-04-21T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97131","published_at":"2026-04-26T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97132","published_at":"2026-04-29T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97135","published_at":"2026-05-05T12:55:00Z"},{"value":"0.36362","scoring_system":"epss","scoring_elements":"0.97139","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966743","reference_id":"1966743","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966743"},{"reference_url":"https://security.archlinux.org/AVG-2053","reference_id":"AVG-2053","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2053"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-30641.json","reference_id":"CVE-2021-30641","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-30641.json"},{"reference_url":"https://security.gentoo.org/glsa/202107-38","reference_id":"GLSA-202107-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4257","reference_id":"RHSA-2021:4257","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4257"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4613","reference_id":"RHSA-2021:4613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4614","reference_id":"RHSA-2021:4614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4614"},{"reference_url":"https://usn.ubuntu.com/4994-1/","reference_id":"USN-4994-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-1/"},{"reference_url":"https://usn.ubuntu.com/4994-2/","reference_id":"USN-4994-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4994-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/560?format=json","purl":"pkg:apache/httpd@2.4.48","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9u53-b79b-cfgd"},{"vulnerability":"VCID-db6k-j9mj-e7hy"},{"vulnerability":"VCID-mtg7-8556-kbgd"},{"vulnerability":"VCID-rdtq-8ng5-53fn"},{"vulnerability":"VCID-wrw6-uzz4-rkfb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}],"aliases":["CVE-2021-30641"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48"}