{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","type":"deb","namespace":"debian","name":"apache2","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.0.36","latest_non_vulnerable_version":"2.4.66-8","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90504?format=json","vulnerability_id":"VCID-27q1-umct-1qe3","summary":"Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL.  NOTE: the vendor could not reproduce this issue","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6423.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6423.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6423","reference_id":"","reference_type":"","scores":[{"value":"0.0366","scoring_system":"epss","scoring_elements":"0.87889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0366","scoring_system":"epss","scoring_elements":"0.87886","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0366","scoring_system":"epss","scoring_elements":"0.87897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0366","scoring_system":"epss","scoring_elements":"0.87891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0366","scoring_system":"epss","scoring_elements":"0.87858","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0366","scoring_system":"epss","scoring_elements":"0.8788","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04888","scoring_system":"epss","scoring_elements":"0.89546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04888","scoring_system":"epss","scoring_elements":"0.89559","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04888","scoring_system":"epss","scoring_elements":"0.89543","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6423"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2007-6423"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27q1-umct-1qe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90298?format=json","vulnerability_id":"VCID-35pg-v3ae-8kct","summary":"The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-1138.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-1138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-1138","reference_id":"","reference_type":"","scores":[{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.89922","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.89926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.89938","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.89944","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.8996","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.89966","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.89974","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.89972","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05234","scoring_system":"epss","scoring_elements":"0.89965","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-1138"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/23296.txt","reference_id":"CVE-2003-1138;OSVDB-19137","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/23296.txt"},{"reference_url":"https://www.securityfocus.com/bid/8898/info","reference_id":"CVE-2003-1138;OSVDB-19137","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/8898/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2003-1138"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35pg-v3ae-8kct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3858?format=json","vulnerability_id":"VCID-4jfa-3r1g-m7h8","summary":"SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40898.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40898.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40898","reference_id":"","reference_type":"","scores":[{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.67936","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.6796","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.67984","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.67971","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.67897","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.67915","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.67895","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00549","scoring_system":"epss","scoring_elements":"0.67946","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40898"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2298648","reference_id":"2298648","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2298648"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-40898.json","reference_id":"CVE-2024-40898","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-40898.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6928","reference_id":"RHSA-2024:6928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6928"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2024-40898"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4jfa-3r1g-m7h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3692?format=json","vulnerability_id":"VCID-699n-tvdd-qkgj","summary":"The recall_headers function in mod_mem_cache in Apache 2.2.4 did not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.","references":[{"reference_url":"http://bugs.gentoo.org/show_bug.cgi?id=186219","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.gentoo.org/show_bug.cgi?id=186219"},{"reference_url":"http://httpd.apache.org/security/vulnerabilities_22.html","reference_id":"","reference_type":"","scores":[],"url":"http://httpd.apache.org/security/vulnerabilities_22.html"},{"reference_url":"http://issues.apache.org/bugzilla/show_bug.cgi?id=41551","reference_id":"","reference_type":"","scores":[],"url":"http://issues.apache.org/bugzilla/show_bug.cgi?id=41551"},{"reference_url":"http://osvdb.org/38641","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/38641"},{"reference_url":"http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff","reference_id":"","reference_type":"","scores":[],"url":"http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1862.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1862","reference_id":"","reference_type":"","scores":[{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.93305","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.93276","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.93306","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.93304","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.93284","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.9329","published_at":"2026-04-04T12:55:00Z"},{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.93289","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.93297","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10659","scoring_system":"epss","scoring_elements":"0.93302","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1862"},{"reference_url":"http://secunia.com/advisories/26273","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/26273"},{"reference_url":"http://secunia.com/advisories/26842","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/26842"},{"reference_url":"http://secunia.com/advisories/27563","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/27563"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200711-06.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-200711-06.xml"},{"reference_url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:127","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:127"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"},{"reference_url":"http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"},{"reference_url":"http://www.securityfocus.com/bid/24553","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/24553"},{"reference_url":"http://www.vupen.com/english/advisories/2007/2231","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2007/2231"},{"reference_url":"http://www.vupen.com/english/advisories/2007/2727","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2007/2727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=242606","reference_id":"242606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=242606"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2007-1862.json","reference_id":"CVE-2007-1862","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2007-1862.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1862","reference_id":"CVE-2007-1862","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-1862"},{"reference_url":"https://security.gentoo.org/glsa/200711-06","reference_id":"GLSA-200711-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200711-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2007-1862"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-699n-tvdd-qkgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3720?format=json","vulnerability_id":"VCID-7krj-8vat-3ydy","summary":"A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0425","reference_id":"","reference_type":"","scores":[{"value":"0.86822","scoring_system":"epss","scoring_elements":"0.99427","published_at":"2026-04-13T12:55:00Z"},{"value":"0.86822","scoring_system":"epss","scoring_elements":"0.99421","published_at":"2026-04-01T12:55:00Z"},{"value":"0.86822","scoring_system":"epss","scoring_elements":"0.9942","published_at":"2026-04-02T12:55:00Z"},{"value":"0.86822","scoring_system":"epss","scoring_elements":"0.99422","published_at":"2026-04-07T12:55:00Z"},{"value":"0.86822","scoring_system":"epss","scoring_elements":"0.99423","published_at":"2026-04-08T12:55:00Z"},{"value":"0.86822","scoring_system":"epss","scoring_elements":"0.99424","published_at":"2026-04-09T12:55:00Z"},{"value":"0.86822","scoring_system":"epss","scoring_elements":"0.99426","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0425"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2010-0425.json","reference_id":"CVE-2010-0425","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2010-0425.json"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/11650.c","reference_id":"CVE-2010-0425;OSVDB-62674","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/11650.c"},{"reference_url":"http://www.senseofsecurity.com.au/advisories/SOS-10-002","reference_id":"CVE-2010-0425;OSVDB-62674","reference_type":"exploit","scores":[],"url":"http://www.senseofsecurity.com.au/advisories/SOS-10-002"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2010-0425"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7krj-8vat-3ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3809?format=json","vulnerability_id":"VCID-91u7-vh6n-v7fm","summary":"Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13938","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21778","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21808","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21943","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21997","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21761","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21839","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21894","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13938"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970006","reference_id":"1970006","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970006"},{"reference_url":"https://security.archlinux.org/AVG-2054","reference_id":"AVG-2054","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2054"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-13938.json","reference_id":"CVE-2020-13938","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-13938.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2020-13938"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/154920?format=json","vulnerability_id":"VCID-a38m-yzz2-qfcv","summary":"The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3675","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54725","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54786","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54837","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54834","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54844","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54827","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54804","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3675"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2015-3675"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a38m-yzz2-qfcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3861?format=json","vulnerability_id":"VCID-b9ks-detx-nkdw","summary":"Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via \nmod_rewrite or apache expressions that pass unvalidated request input.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.\n\nNote:  The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. \n\nThe server offers limited protection against administrators directing the server to open UNC paths.\nWindows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43394.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43394.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43394","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1559","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15658","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1616","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16137","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16098","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16096","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43394"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379332","reference_id":"2379332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379332"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-43394.json","reference_id":"CVE-2024-43394","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-43394.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584090?format=json","purl":"pkg:deb/debian/apache2@2.4.65-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.65-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2024-43394"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9ks-detx-nkdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3831?format=json","vulnerability_id":"VCID-dg2r-uz3a-dug5","summary":"Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28330.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28330.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28330","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68086","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68133","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.6812","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68045","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68064","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68094","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68109","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-28330"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095000","reference_id":"2095000","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095000"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2022-28330.json","reference_id":"CVE-2022-28330","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2022-28330.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8841","reference_id":"RHSA-2022:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2022-28330"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dg2r-uz3a-dug5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3724?format=json","vulnerability_id":"VCID-drp9-bvkd-4kaq","summary":"An information disclosure flaw was found in mod_proxy_http in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those configurations which trigger the use of proxy worker pools are affected. There was no vulnerability on earlier versions, as proxy pools were not yet introduced.\nThe simplest workaround is to globally configure;\nSetEnv proxy-nokeepalive 1","references":[{"reference_url":"http://httpd.apache.org/security/vulnerabilities_22.html","reference_id":"","reference_type":"","scores":[],"url":"http://httpd.apache.org/security/vulnerabilities_22.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E"},{"reference_url":"http://marc.info/?l=apache-announce&m=128009718610929&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=apache-announce&m=128009718610929&w=2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2068","reference_id":"","reference_type":"","scores":[{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.9239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.9235","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.92389","published_at":"2026-04-11T12:55:00Z"},{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.92392","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.92356","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.92363","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.92367","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.92379","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08537","scoring_system":"epss","scoring_elements":"0.92384","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2068"},{"reference_url":"http://secunia.com/advisories/40206","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/40206"},{"reference_url":"http://secunia.com/advisories/40824","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/40824"},{"reference_url":"http://secunia.com/advisories/41480","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/41480"},{"reference_url":"http://secunia.com/advisories/41490","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/41490"},{"reference_url":"http://secunia.com/advisories/41722","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/41722"},{"reference_url":"http://securitytracker.com/id?1024096","reference_id":"","reference_type":"","scores":[],"url":"http://securitytracker.com/id?1024096"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/59413","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/59413"},{"reference_url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931"},{"reference_url":"http://support.apple.com/kb/HT4581","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT4581"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4"},{"reference_url":"http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch"},{"reference_url":"http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch"},{"reference_url":"http://www.ibm.com/support/docview.wss?uid=swg1PM16366","reference_id":"","reference_type":"","scores":[],"url":"http://www.ibm.com/support/docview.wss?uid=swg1PM16366"},{"reference_url":"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995","reference_id":"","reference_type":"","scores":[],"url":"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.redhat.com/support/errata/RHSA-2011-0896.html"},{"reference_url":"http://www.securityfocus.com/archive/1/511809/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/511809/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/40827","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/40827"},{"reference_url":"http://www.vupen.com/english/advisories/2010/1436","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2010/1436"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.4:alpha:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.3.4:alpha:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.4:alpha:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.5:alpha:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.3.5:alpha:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.3.5:alpha:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2010-2068.json","reference_id":"CVE-2010-2068","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2010-2068.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2068","reference_id":"CVE-2010-2068","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-2068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2010-2068"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drp9-bvkd-4kaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3738?format=json","vulnerability_id":"VCID-ehff-j1pz-b7e8","summary":"The modules mod_proxy_ajp and mod_proxy_http did not always close the connection to the back end server when necessary as part of error handling. This could lead to an information disclosure due to a response mixup between users.","references":[{"reference_url":"http://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"http://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3502.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3502","reference_id":"","reference_type":"","scores":[{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88073","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88014","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88079","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88072","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88023","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88037","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88063","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03787","scoring_system":"epss","scoring_elements":"0.88069","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3502"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"http://www.apache.org/dist/httpd/CHANGES_2.4.3","reference_id":"","reference_type":"","scores":[],"url":"http://www.apache.org/dist/httpd/CHANGES_2.4.3"},{"reference_url":"http://www.securityfocus.com/bid/55131","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/55131"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=850776","reference_id":"850776","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=850776"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2012-3502.json","reference_id":"CVE-2012-3502","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2012-3502.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3502","reference_id":"CVE-2012-3502","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3502"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2012-3502"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehff-j1pz-b7e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3735?format=json","vulnerability_id":"VCID-ese4-47tg-efbw","summary":"Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0883.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0883","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4166","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41584","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41671","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41698","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41626","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41676","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41684","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41707","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41674","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0883"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=813559","reference_id":"813559","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=813559"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2012-0883.json","reference_id":"CVE-2012-0883","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2012-0883.json"},{"reference_url":"https://security.gentoo.org/glsa/201206-25","reference_id":"GLSA-201206-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1594","reference_id":"RHSA-2012:1594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1594"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2012-0883"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ese4-47tg-efbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3822?format=json","vulnerability_id":"VCID-ffpe-1ctd-77e9","summary":"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.\n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue is known to be exploited in the wild.\n\nThis issue only affects Apache 2.4.49 and not earlier versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41773","reference_id":"","reference_type":"","scores":[{"value":"0.94391","scoring_system":"epss","scoring_elements":"0.99973","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41773"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/09/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/09/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/16/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/16/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/05/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/05/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/2","reference_id":"2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010757","reference_id":"2010757","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010757"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/15/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/15/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/11/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/11/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/5","reference_id":"5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/6","reference_id":"6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/6","reference_id":"6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/6"},{"reference_url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_id":"Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html","reference_id":"Apache-HTTP-Server-2.4.49-Path-Traversal.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html"},{"reference_url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"https://security.archlinux.org/AVG-2442","reference_id":"AVG-2442","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2442"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_id":"cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh","reference_id":"CVE-2021-41773","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-41773.json","reference_id":"CVE-2021-41773","reference_type":"","scores":[{"value":"critical","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-41773.json"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py","reference_id":"CVE-2021-42013;CVE-2021-41773","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0009/","reference_id":"ntap-20211029-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211029-0009/"},{"reference_url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_id":"r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E","reference_id":"r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_id":"r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E","reference_id":"r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_id":"rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/","reference_id":"RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/","reference_id":"WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/585412?format=json","purl":"pkg:deb/debian/apache2@2.4.50-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.50-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2021-41773"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffpe-1ctd-77e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83872?format=json","vulnerability_id":"VCID-ge2x-rh2r-kqb2","summary":"httpd: # character matches all IPs","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12171.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12171","reference_id":"","reference_type":"","scores":[{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81318","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81327","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81349","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81347","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81376","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81402","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.8139","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01543","scoring_system":"epss","scoring_elements":"0.81382","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12171"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1493056","reference_id":"1493056","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1493056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2972","reference_id":"RHSA-2017:2972","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2972"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2017-12171"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ge2x-rh2r-kqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3821?format=json","vulnerability_id":"VCID-hj5r-jms3-x3fe","summary":"While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41524","reference_id":"","reference_type":"","scores":[{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91488","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91533","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91534","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91535","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91495","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.9151","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07103","scoring_system":"epss","scoring_elements":"0.91529","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41524"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010934","reference_id":"2010934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010934"},{"reference_url":"https://security.archlinux.org/AVG-2442","reference_id":"AVG-2442","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2442"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-41524.json","reference_id":"CVE-2021-41524","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-41524.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7143","reference_id":"RHSA-2022:7143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7144","reference_id":"RHSA-2022:7144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7144"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/585412?format=json","purl":"pkg:deb/debian/apache2@2.4.50-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.50-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2021-41524"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3774?format=json","vulnerability_id":"VCID-khfr-kgtb-rfam","summary":"When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9789","reference_id":"","reference_type":"","scores":[{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93796","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93818","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.9383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93835","published_at":"2026-04-12T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93805","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12192","scoring_system":"epss","scoring_elements":"0.93814","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9789"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470750","reference_id":"1470750","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1470750"},{"reference_url":"https://security.archlinux.org/ASA-201707-15","reference_id":"ASA-201707-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-15"},{"reference_url":"https://security.archlinux.org/AVG-350","reference_id":"AVG-350","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-350"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2017-9789.json","reference_id":"CVE-2017-9789","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2017-9789.json"},{"reference_url":"https://security.gentoo.org/glsa/201710-32","reference_id":"GLSA-201710-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-32"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2017-9789"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khfr-kgtb-rfam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3849?format=json","vulnerability_id":"VCID-nbar-1p1f-bqfk","summary":"SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content \nUsers are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38472.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-38472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38472","reference_id":"","reference_type":"","scores":[{"value":"0.90493","scoring_system":"epss","scoring_elements":"0.9961","published_at":"2026-04-13T12:55:00Z"},{"value":"0.90493","scoring_system":"epss","scoring_elements":"0.99608","published_at":"2026-04-07T12:55:00Z"},{"value":"0.90493","scoring_system":"epss","scoring_elements":"0.99609","published_at":"2026-04-11T12:55:00Z"},{"value":"0.90493","scoring_system":"epss","scoring_elements":"0.99606","published_at":"2026-04-02T12:55:00Z"},{"value":"0.90493","scoring_system":"epss","scoring_elements":"0.99607","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-38472"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295011","reference_id":"2295011","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295011"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-38472.json","reference_id":"CVE-2024-38472","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-38472.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6928","reference_id":"RHSA-2024:6928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6928"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2024-38472"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbar-1p1f-bqfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3870?format=json","vulnerability_id":"VCID-pru9-2rza-qycd","summary":"Server-Side Request Forgery (SSRF) vulnerability \n\n in Apache HTTP Server on Windows \n\nwith AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM \nhashes to a malicious server via SSRF and malicious requests or content\n\nUsers are recommended to upgrade to version 2.4.66, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59775.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59775","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17765","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17718","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21743","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2184","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21801","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21695","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21773","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2183","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-59775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419141","reference_id":"2419141","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419141"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-59775.json","reference_id":"CVE-2025-59775","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-59775.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2025-59775"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pru9-2rza-qycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3856?format=json","vulnerability_id":"VCID-pz6f-mahv-hue8","summary":"A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.   \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39884","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47857","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4785","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47799","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.47871","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295761","reference_id":"2295761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295761"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/17/6","reference_id":"6","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/17/6"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2024-39884.json","reference_id":"CVE-2024-39884","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2024-39884.json"},{"reference_url":"https://security.gentoo.org/glsa/202409-31","reference_id":"GLSA-202409-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240712-0002/","reference_id":"ntap-20240712-0002","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T13:54:22Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240712-0002/"},{"reference_url":"https://usn.ubuntu.com/6885-1/","reference_id":"USN-6885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6885-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583583?format=json","purl":"pkg:deb/debian/apache2@2.4.61-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.61-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2024-39884"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pz6f-mahv-hue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3823?format=json","vulnerability_id":"VCID-qn74-neyt-jkg9","summary":"It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient.  An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.  \n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42013","reference_id":"","reference_type":"","scores":[{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99979","published_at":"2026-04-02T12:55:00Z"},{"value":"0.9441","scoring_system":"epss","scoring_elements":"0.99978","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42013"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/09/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/09/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/16/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/16/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/2","reference_id":"2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011900","reference_id":"2011900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011900"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/3","reference_id":"3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/15/3","reference_id":"3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/15/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/11/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/11/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/5","reference_id":"5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/07/6","reference_id":"6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/10/08/6","reference_id":"6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/10/08/6"},{"reference_url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_id":"Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html"},{"reference_url":"https://www.povilaika.com/apache-2-4-50-exploit/","reference_id":"apache-2-4-50-exploit","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://www.povilaika.com/apache-2-4-50-exploit/"},{"reference_url":"http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html","reference_id":"Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html"},{"reference_url":"http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_id":"Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html"},{"reference_url":"https://security.archlinux.org/ASA-202110-1","reference_id":"ASA-202110-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-1"},{"reference_url":"https://security.archlinux.org/AVG-2450","reference_id":"AVG-2450","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2450"},{"reference_url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_id":"cisco-sa-apache-httpd-pathtrv-LAzg68cZ","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh","reference_id":"CVE-2021-42013","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh","reference_id":"CVE-2021-42013","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2021-42013.json","reference_id":"CVE-2021-42013","reference_type":"","scores":[{"value":"critical","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2021-42013.json"},{"reference_url":"https://security.gentoo.org/glsa/202208-20","reference_id":"GLSA-202208-20","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://security.gentoo.org/glsa/202208-20"},{"reference_url":"http://jvn.jp/en/jp/JVN51106450/index.html","reference_id":"index.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"http://jvn.jp/en/jp/JVN51106450/index.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211029-0009/","reference_id":"ntap-20211029-0009","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211029-0009/"},{"reference_url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_id":"r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_id":"r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_id":"rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/","reference_id":"RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/","reference_id":"WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586654?format=json","purl":"pkg:deb/debian/apache2@2.4.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2021-42013"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qn74-neyt-jkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3752?format=json","vulnerability_id":"VCID-rhwb-4vyp-8kf2","summary":"A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when using the default AcceptFilter for that platform. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server.","references":[{"reference_url":"http://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"http://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=143748090628601&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143748090628601&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144050155601375&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=144050155601375&w=2"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2957.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2957.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3523.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3523.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3523","reference_id":"","reference_type":"","scores":[{"value":"0.35235","scoring_system":"epss","scoring_elements":"0.9701","published_at":"2026-04-01T12:55:00Z"},{"value":"0.35235","scoring_system":"epss","scoring_elements":"0.97037","published_at":"2026-04-13T12:55:00Z"},{"value":"0.35235","scoring_system":"epss","scoring_elements":"0.97033","published_at":"2026-04-09T12:55:00Z"},{"value":"0.35235","scoring_system":"epss","scoring_elements":"0.97036","published_at":"2026-04-12T12:55:00Z"},{"value":"0.35235","scoring_system":"epss","scoring_elements":"0.97018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.35235","scoring_system":"epss","scoring_elements":"0.97022","published_at":"2026-04-07T12:55:00Z"},{"value":"0.35235","scoring_system":"epss","scoring_elements":"0.97032","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3523"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c"},{"reference_url":"http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?r1=1608785&r2=1610652&diff_format=h","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?r1=1608785&r2=1610652&diff_format=h"},{"reference_url":"http://www.securityfocus.com/bid/68747","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68747"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121519","reference_id":"1121519","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1121519"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2014-3523.json","reference_id":"CVE-2014-3523","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2014-3523.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3523","reference_id":"CVE-2014-3523","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2957","reference_id":"RHSA-2016:2957","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2957"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2014-3523"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhwb-4vyp-8kf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3757?format=json","vulnerability_id":"VCID-tcmz-a5dq-d7cj","summary":"A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0253","reference_id":"","reference_type":"","scores":[{"value":"0.1061","scoring_system":"epss","scoring_elements":"0.93288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.1061","scoring_system":"epss","scoring_elements":"0.9326","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1061","scoring_system":"epss","scoring_elements":"0.93268","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1061","scoring_system":"epss","scoring_elements":"0.93274","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1061","scoring_system":"epss","scoring_elements":"0.93272","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1061","scoring_system":"epss","scoring_elements":"0.93281","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1061","scoring_system":"epss","scoring_elements":"0.93286","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1061","scoring_system":"epss","scoring_elements":"0.93289","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0253"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243891","reference_id":"1243891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1243891"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2015-0253.json","reference_id":"CVE-2015-0253","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2015-0253.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1666","reference_id":"RHSA-2015:1666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1666"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2015-0253"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcmz-a5dq-d7cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79930?format=json","vulnerability_id":"VCID-w2tb-2uvg-g7hv","summary":"httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Red Hat Enterprise Linux 8.5","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20325.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20325.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20325","reference_id":"","reference_type":"","scores":[{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76069","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76073","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76105","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76084","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76118","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76131","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76156","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76132","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00933","scoring_system":"epss","scoring_elements":"0.76129","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20325"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2017321","reference_id":"2017321","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2017321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4537","reference_id":"RHSA-2021:4537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4537"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2021-20325"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w2tb-2uvg-g7hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115345?format=json","vulnerability_id":"VCID-wg13-h6gt-r7h5","summary":"Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4110","reference_id":"","reference_type":"","scores":[{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.9501","published_at":"2026-04-01T12:55:00Z"},{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.95021","published_at":"2026-04-02T12:55:00Z"},{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.95022","published_at":"2026-04-04T12:55:00Z"},{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.95025","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.95032","published_at":"2026-04-08T12:55:00Z"},{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.95036","published_at":"2026-04-09T12:55:00Z"},{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.95042","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.95043","published_at":"2026-04-12T12:55:00Z"},{"value":"0.17318","scoring_system":"epss","scoring_elements":"0.95046","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4110"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/28365.txt","reference_id":"CVE-2006-4110;OSVDB-27913","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/28365.txt"},{"reference_url":"https://www.securityfocus.com/bid/19447/info","reference_id":"CVE-2006-4110;OSVDB-27913","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/19447/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2006-4110"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg13-h6gt-r7h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3867?format=json","vulnerability_id":"VCID-xhtj-rr3y-puc7","summary":"A bug in Apache HTTP Server 2.4.64 results in all \"RewriteCond expr ...\" tests evaluating as \"true\".\n\n\n\nUsers are recommended to upgrade to version 2.4.65, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54090.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54090.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54090","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52432","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52424","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5246","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54431","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54409","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54405","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.544","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54448","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54090"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383014","reference_id":"2383014","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383014"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2025-54090.json","reference_id":"CVE-2025-54090","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/json/CVE-2025-54090.json"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582525?format=json","purl":"pkg:deb/debian/apache2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582274?format=json","purl":"pkg:deb/debian/apache2@2.4.62-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.62-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/585548?format=json","purl":"pkg:deb/debian/apache2@2.4.65-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.65-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582275?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582276?format=json","purl":"pkg:deb/debian/apache2@2.4.66-1~deb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-1~deb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582277?format=json","purl":"pkg:deb/debian/apache2@2.4.66-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@2.4.66-8%3Fdistro=trixie"}],"aliases":["CVE-2025-54090"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhtj-rr3y-puc7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apache2@0%3Fdistro=trixie"}