{"url":"http://public2.vulnerablecode.io/api/packages/73688?format=json","purl":"pkg:ebuild/www-servers/apache@2.4.25","type":"ebuild","namespace":"www-servers","name":"apache","version":"2.4.25","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.27-r1","latest_non_vulnerable_version":"2.4.62","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3760?format=json","vulnerability_id":"VCID-2nmh-7tfa-zyb2","summary":"Prior to Apache HTTP release 2.4.25, mod_sessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. An authentication tag (SipHash MAC) is now added to prevent such attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0736.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0736","reference_id":"","reference_type":"","scores":[{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97392","published_at":"2026-04-01T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97461","published_at":"2026-05-14T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97446","published_at":"2026-05-11T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97451","published_at":"2026-05-12T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97399","published_at":"2026-04-02T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97403","published_at":"2026-04-04T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97406","published_at":"2026-04-07T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97413","published_at":"2026-04-08T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97414","published_at":"2026-04-09T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97416","published_at":"2026-04-11T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97417","published_at":"2026-04-12T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97418","published_at":"2026-04-13T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97426","published_at":"2026-04-16T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.9743","published_at":"2026-04-26T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97429","published_at":"2026-04-24T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97433","published_at":"2026-04-29T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97437","published_at":"2026-05-05T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97441","published_at":"2026-05-07T12:55:00Z"},{"value":"0.4168","scoring_system":"epss","scoring_elements":"0.97444","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406744","reference_id":"1406744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406744"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/40961.py","reference_id":"CVE-2016-0736","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/40961.py"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2016-0736.json","reference_id":"CVE-2016-0736","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2016-0736.json"},{"reference_url":"https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt","reference_id":"CVE-2016-0736","reference_type":"exploit","scores":[],"url":"https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt"},{"reference_url":"https://security.gentoo.org/glsa/201701-36","reference_id":"GLSA-201701-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0906","reference_id":"RHSA-2017:0906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1161","reference_id":"RHSA-2017:1161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1413","reference_id":"RHSA-2017:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1414","reference_id":"RHSA-2017:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1415","reference_id":"RHSA-2017:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1415"},{"reference_url":"https://usn.ubuntu.com/3279-1/","reference_id":"USN-3279-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3279-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73688?format=json","purl":"pkg:ebuild/www-servers/apache@2.4.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.25"}],"aliases":["CVE-2016-0736"],"risk_score":9.8,"exploitability":"2.0","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2nmh-7tfa-zyb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3765?format=json","vulnerability_id":"VCID-2xc4-7zg9-y7fw","summary":"HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the \"HTTP_PROXY\" variable from a \"Proxy:\" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1624.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1624.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1625.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1625.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1648.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1648.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1649.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1649.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1650.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-1650.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1635","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1635"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1636","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1636"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5387","reference_id":"","reference_type":"","scores":[{"value":"0.41959","scoring_system":"epss","scoring_elements":"0.9741","published_at":"2026-04-02T12:55:00Z"},{"value":"0.41959","scoring_system":"epss","scoring_elements":"0.97403","published_at":"2026-04-01T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.983","published_at":"2026-05-14T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98294","published_at":"2026-05-07T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98297","published_at":"2026-05-09T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98295","published_at":"2026-05-11T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98299","published_at":"2026-05-12T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98268","published_at":"2026-04-04T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98269","published_at":"2026-04-07T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98274","published_at":"2026-04-09T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98278","published_at":"2026-04-13T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98284","published_at":"2026-04-21T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98285","published_at":"2026-04-18T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98287","published_at":"2026-04-24T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98288","published_at":"2026-04-29T12:55:00Z"},{"value":"0.60283","scoring_system":"epss","scoring_elements":"0.98293","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"},{"reference_url":"https://httpoxy.org/","reference_id":"","reference_type":"","scores":[],"url":"https://httpoxy.org/"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/"},{"reference_url":"https://support.apple.com/HT208221","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT208221"},{"reference_url":"https://www.apache.org/security/asf-httpoxy-response.txt","reference_id":"","reference_type":"","scores":[],"url":"https://www.apache.org/security/asf-httpoxy-response.txt"},{"reference_url":"https://www.tenable.com/security/tns-2017-04","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2017-04"},{"reference_url":"http://www.debian.org/security/2016/dsa-3623","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3623"},{"reference_url":"http://www.kb.cert.org/vuls/id/797896","reference_id":"","reference_type":"","scores":[],"url":"http://www.kb.cert.org/vuls/id/797896"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"reference_url":"http://www.securityfocus.com/bid/91816","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91816"},{"reference_url":"http://www.securitytracker.com/id/1036330","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036330"},{"reference_url":"http://www.ubuntu.com/usn/USN-3038-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3038-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353755","reference_id":"1353755","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353755"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_user_data_repository:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_web_server:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_web_server:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_web_server:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2016-5387.json","reference_id":"CVE-2016-5387","reference_type":"","scores":[{"value":"n/a","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2016-5387.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5387","reference_id":"CVE-2016-5387","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5387"},{"reference_url":"https://security.gentoo.org/glsa/201701-36","reference_id":"GLSA-201701-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1420","reference_id":"RHSA-2016:1420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1421","reference_id":"RHSA-2016:1421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1422","reference_id":"RHSA-2016:1422","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1422"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1625","reference_id":"RHSA-2016:1625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1648","reference_id":"RHSA-2016:1648","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1649","reference_id":"RHSA-2016:1649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1650","reference_id":"RHSA-2016:1650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1650"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1851","reference_id":"RHSA-2016:1851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1851"},{"reference_url":"https://usn.ubuntu.com/3038-1/","reference_id":"USN-3038-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3038-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73688?format=json","purl":"pkg:ebuild/www-servers/apache@2.4.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.25"}],"aliases":["CVE-2016-5387"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xc4-7zg9-y7fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3754?format=json","vulnerability_id":"VCID-8eqf-c42n-y7dt","summary":"An out-of-bounds memory read was found in mod_proxy_fcgi. A malicious FastCGI server could send a carefully crafted response which could lead to a crash when reading past the end of a heap memory or stack buffer. This issue affects version 2.4.10 only.","references":[{"reference_url":"http://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"http://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1855.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1855.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3583.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3583.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3583","reference_id":"","reference_type":"","scores":[{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97467","published_at":"2026-05-14T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97397","published_at":"2026-04-01T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97452","published_at":"2026-05-11T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97458","published_at":"2026-05-12T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97404","published_at":"2026-04-02T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97408","published_at":"2026-04-04T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97411","published_at":"2026-04-07T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97417","published_at":"2026-04-08T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97419","published_at":"2026-04-09T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97421","published_at":"2026-04-11T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97423","published_at":"2026-04-13T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97431","published_at":"2026-04-16T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97435","published_at":"2026-04-24T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97436","published_at":"2026-04-26T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97439","published_at":"2026-04-29T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97443","published_at":"2026-05-05T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.97446","published_at":"2026-05-07T12:55:00Z"},{"value":"0.41813","scoring_system":"epss","scoring_elements":"0.9745","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3583"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://support.apple.com/HT205219","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT205219"},{"reference_url":"https://support.apple.com/kb/HT205031","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT205031"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1638818","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=revision&revision=1638818"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.securityfocus.com/bid/71657","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/71657"},{"reference_url":"http://www.ubuntu.com/usn/USN-2523-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2523-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1163555","reference_id":"1163555","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1163555"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:os_x_server:5.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:os_x_server:5.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:os_x_server:5.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2014-3583.json","reference_id":"CVE-2014-3583","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2014-3583.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3583","reference_id":"CVE-2014-3583","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3583"},{"reference_url":"https://security.gentoo.org/glsa/201701-36","reference_id":"GLSA-201701-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1855","reference_id":"RHSA-2015:1855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1858","reference_id":"RHSA-2015:1858","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1858"},{"reference_url":"https://usn.ubuntu.com/2523-1/","reference_id":"USN-2523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2523-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73688?format=json","purl":"pkg:ebuild/www-servers/apache@2.4.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.25"}],"aliases":["CVE-2014-3583"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8eqf-c42n-y7dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3767?format=json","vulnerability_id":"VCID-pc2n-ga7g-byga","summary":"Apache HTTP Server, prior to release 2.4.25 (and 2.2.32), accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated as whitespace and remained in the request field member \"the_request\", while a bare CR in the request header field name would be honored as whitespace, and a bare CR in the request header field value was retained the input headers array. Implied additional whitespace was accepted in the request line and prior to the ':' delimiter of any request header lines.\nRFC7230 Section 3.5 calls out some of these whitespace exceptions, and section 3.2.3 eliminated and clarified the role of implied whitespace in the grammer of this specification. Section 3.1.1 requires exactly one single SP between the method and request-target, and between the request-target and HTTP-version, followed immediately by a CRLF sequence. None of these fields permit any (unencoded) CTL character whatsoever. Section 3.2.4 explicitly disallowed any whitespace from the request header field prior to the ':' character, while Section 3.2 disallows all CTL characters in the request header line other than the HTAB character as whitespace.\nThese defects represent a security concern when httpd is participating in any chain of proxies or interacting with back-end application servers, either through mod_proxy or using conventional CGI mechanisms. In each case where one agent accepts such CTL characters and does not treat them as whitespace, there is the possiblity in a proxy chain of generating two responses from a server behind the uncautious proxy agent. In a sequence of two requests, this results in request A to the first proxy being interpreted as requests A + A' by the backend server, and if requests A and B were submitted to the first proxy in a keepalive connection, the proxy may interpret response A' as the response to request B, polluting the cache or potentially serving the A' content to a different downstream user-agent.\nThese defects are addressed with the release of Apache HTTP Server 2.4.25 and coordinated by a new directive; HttpProtocolOptions Strict which is the default behavior of 2.4.25 and later.\nBy toggling from 'Strict' behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow some invalid HTTP/1.1 clients to communicate with the server, but this will reintroduce the possibility of the problems described in this assessment. Note that relaxing the behavior to 'Unsafe' will still not permit raw CTLs other than HTAB (where permitted), but will allow other RFC requirements to not be enforced, such as exactly two SP characters in the request line.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8743","reference_id":"","reference_type":"","scores":[{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92291","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92377","published_at":"2026-05-12T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92298","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92304","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92307","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92318","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92322","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92328","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.9233","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.9234","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92339","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92344","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92345","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92338","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92348","published_at":"2026-05-05T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92358","published_at":"2026-05-07T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92369","published_at":"2026-05-11T12:55:00Z"},{"value":"0.08406","scoring_system":"epss","scoring_elements":"0.92366","published_at":"2026-05-09T12:55:00Z"},{"value":"0.10637","scoring_system":"epss","scoring_elements":"0.93377","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406822","reference_id":"1406822","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406822"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2016-8743.json","reference_id":"CVE-2016-8743","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2016-8743.json"},{"reference_url":"https://security.gentoo.org/glsa/201701-36","reference_id":"GLSA-201701-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0906","reference_id":"RHSA-2017:0906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1161","reference_id":"RHSA-2017:1161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1413","reference_id":"RHSA-2017:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1414","reference_id":"RHSA-2017:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1415","reference_id":"RHSA-2017:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1721","reference_id":"RHSA-2017:1721","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1721"},{"reference_url":"https://usn.ubuntu.com/3279-1/","reference_id":"USN-3279-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3279-1/"},{"reference_url":"https://usn.ubuntu.com/3373-1/","reference_id":"USN-3373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73688?format=json","purl":"pkg:ebuild/www-servers/apache@2.4.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.25"}],"aliases":["CVE-2016-8743"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pc2n-ga7g-byga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3762?format=json","vulnerability_id":"VCID-rfqy-e7pv-dyfy","summary":"Malicious input to mod_auth_digest will cause the server to crash, and each instance continues to crash even for subsequently valid requests.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2161.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2161","reference_id":"","reference_type":"","scores":[{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96873","published_at":"2026-04-01T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96958","published_at":"2026-05-14T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96942","published_at":"2026-05-11T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96948","published_at":"2026-05-12T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.9688","published_at":"2026-04-02T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96885","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.9689","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96898","published_at":"2026-04-08T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96899","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96902","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96904","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96905","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96912","published_at":"2026-04-16T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96916","published_at":"2026-04-18T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96919","published_at":"2026-04-24T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96921","published_at":"2026-04-26T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96925","published_at":"2026-04-29T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96929","published_at":"2026-05-05T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.96933","published_at":"2026-05-07T12:55:00Z"},{"value":"0.33186","scoring_system":"epss","scoring_elements":"0.9694","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406753","reference_id":"1406753","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1406753"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2016-2161.json","reference_id":"CVE-2016-2161","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2016-2161.json"},{"reference_url":"https://security.gentoo.org/glsa/201701-36","reference_id":"GLSA-201701-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0906","reference_id":"RHSA-2017:0906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1161","reference_id":"RHSA-2017:1161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1413","reference_id":"RHSA-2017:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1414","reference_id":"RHSA-2017:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1415","reference_id":"RHSA-2017:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1415"},{"reference_url":"https://usn.ubuntu.com/3279-1/","reference_id":"USN-3279-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3279-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73688?format=json","purl":"pkg:ebuild/www-servers/apache@2.4.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.25"}],"aliases":["CVE-2016-2161"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfqy-e7pv-dyfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3766?format=json","vulnerability_id":"VCID-tkm7-pyue-7ffj","summary":"The HTTP/2 protocol implementation (mod_http2) had an incomplete handling of the LimitRequestFields directive. This allowed an attacker to inject unlimited request headers into the server, leading to eventual memory exhaustion.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8740.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8740","reference_id":"","reference_type":"","scores":[{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98589","published_at":"2026-04-01T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98625","published_at":"2026-05-14T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.9862","published_at":"2026-05-11T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98622","published_at":"2026-05-12T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.9859","published_at":"2026-04-02T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98594","published_at":"2026-04-04T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98595","published_at":"2026-04-07T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98601","published_at":"2026-04-11T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98602","published_at":"2026-04-12T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98608","published_at":"2026-04-21T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98612","published_at":"2026-04-24T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98613","published_at":"2026-04-26T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.68259","scoring_system":"epss","scoring_elements":"0.98619","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1401528","reference_id":"1401528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1401528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847124","reference_id":"847124","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847124"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40909.py","reference_id":"CVE-2016-8740","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40909.py"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2016-8740.json","reference_id":"CVE-2016-8740","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2016-8740.json"},{"reference_url":"https://security.gentoo.org/glsa/201701-36","reference_id":"GLSA-201701-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1161","reference_id":"RHSA-2017:1161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1413","reference_id":"RHSA-2017:1413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1414","reference_id":"RHSA-2017:1414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1415","reference_id":"RHSA-2017:1415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1415"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73688?format=json","purl":"pkg:ebuild/www-servers/apache@2.4.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.25"}],"aliases":["CVE-2016-8740"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkm7-pyue-7ffj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/www-servers/apache@2.4.25"}