Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/74984?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/74984?format=api", "purl": "pkg:apache/httpd@2.4.12", "type": "apache", "namespace": "", "name": "httpd", "version": "2.4.12", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.42", "latest_non_vulnerable_version": "2.4.54", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51060?format=api", "vulnerability_id": "VCID-1cpt-rd7f-8qhk", "summary": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4975.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59605", "scoring_system": "epss", "scoring_elements": "0.98286", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.73272", "scoring_system": "epss", "scoring_elements": "0.98813", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.73272", "scoring_system": "epss", "scoring_elements": "0.98815", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.73272", "scoring_system": "epss", "scoring_elements": "0.98816", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375968", "reference_id": "1375968", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375968" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-4975.json", "reference_id": "CVE-2016-4975", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-4975.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0906", "reference_id": "RHSA-2017:0906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2185", "reference_id": "RHSA-2018:2185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2186", "reference_id": "RHSA-2018:2186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2186" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74993?format=api", "purl": "pkg:apache/httpd@2.4.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-3cam-1afg-9bdv" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-pj23-hhvw-6ucr" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25" } ], "aliases": [ "CVE-2016-4975" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1cpt-rd7f-8qhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7315?format=api", "vulnerability_id": "VCID-2pj8-zfdd-tufx", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08635", "scoring_system": "epss", "scoring_elements": "0.92587", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.08635", "scoring_system": "epss", "scoring_elements": "0.9259", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.08635", "scoring_system": "epss", "scoring_elements": "0.92606", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.94047", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.94039", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.94046", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740", "reference_id": "1966740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-17567.json", "reference_id": "CVE-2019-17567", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-17567.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75011?format=api", "purl": "pkg:apache/httpd@2.4.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xa7-ar49-fucn" }, { "vulnerability": "VCID-jvav-61fn-huav" }, { "vulnerability": "VCID-k9t6-m45c-xyf4" }, { "vulnerability": "VCID-kgfq-eyta-wbgz" }, { "vulnerability": "VCID-zz8m-9k7f-ckb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48" } ], "aliases": [ "CVE-2019-17567" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2pj8-zfdd-tufx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6535?format=api", "vulnerability_id": "VCID-4yze-nb6e-8yav", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30062", "scoring_system": "epss", "scoring_elements": "0.96766", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.30062", "scoring_system": "epss", "scoring_elements": "0.96762", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.30062", "scoring_system": "epss", "scoring_elements": "0.96754", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.30062", "scoring_system": "epss", "scoring_elements": "0.96758", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.30062", "scoring_system": "epss", "scoring_elements": "0.96761", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207", "reference_id": "1463207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7679.json", "reference_id": "CVE-2017-7679", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7679.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74996?format=api", "purl": "pkg:apache/httpd@2.4.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4e1g-urtc-9bd8" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26" } ], "aliases": [ "CVE-2017-7679" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yze-nb6e-8yav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4133?format=api", "vulnerability_id": "VCID-52q8-y1bq-nqe2", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23866", "scoring_system": "epss", "scoring_elements": "0.96127", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.23866", "scoring_system": "epss", "scoring_elements": "0.96135", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.23866", "scoring_system": "epss", "scoring_elements": "0.96122", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.23866", "scoring_system": "epss", "scoring_elements": "0.9613", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695036", "reference_id": "1695036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695036" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0220.json", "reference_id": "CVE-2019-0220", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0220.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2343", "reference_id": "RHSA-2019:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3436", "reference_id": "RHSA-2019:3436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0250", "reference_id": "RHSA-2020:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0251", "reference_id": "RHSA-2020:0251", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0251" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75006?format=api", "purl": "pkg:apache/httpd@2.4.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2phf-6893-rugx" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-ykyn-menc-kbfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.39" } ], "aliases": [ "CVE-2019-0220" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52q8-y1bq-nqe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51067?format=api", "vulnerability_id": "VCID-5qj8-vuec-h3fg", "summary": "When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03761", "scoring_system": "epss", "scoring_elements": "0.88263", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03761", "scoring_system": "epss", "scoring_elements": "0.88278", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.03761", "scoring_system": "epss", "scoring_elements": "0.88242", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03761", "scoring_system": "epss", "scoring_elements": "0.88262", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.03761", "scoring_system": "epss", "scoring_elements": "0.88261", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395", "reference_id": "1560395", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1283.json", "reference_id": "CVE-2018-1283", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1283.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75000?format=api", "purl": "pkg:apache/httpd@2.4.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2k5c-hutn-27dn" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-8a5y-wnbc-7yb5" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33" } ], "aliases": [ "CVE-2018-1283" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qj8-vuec-h3fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6538?format=api", "vulnerability_id": "VCID-5y32-wcg3-sybr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30773", "scoring_system": "epss", "scoring_elements": "0.96833", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.30773", "scoring_system": "epss", "scoring_elements": "0.96829", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.30773", "scoring_system": "epss", "scoring_elements": "0.9682", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.30773", "scoring_system": "epss", "scoring_elements": "0.96825", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.30773", "scoring_system": "epss", "scoring_elements": "0.96828", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197", "reference_id": "1463197", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-3169.json", "reference_id": "CVE-2017-3169", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-3169.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74996?format=api", "purl": "pkg:apache/httpd@2.4.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4e1g-urtc-9bd8" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26" } ], "aliases": [ "CVE-2017-3169" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5y32-wcg3-sybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51082?format=api", "vulnerability_id": "VCID-68uu-wm68-zkfb", "summary": "in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27241", "scoring_system": "epss", "scoring_elements": "0.96502", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.27241", "scoring_system": "epss", "scoring_elements": "0.96497", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.27241", "scoring_system": "epss", "scoring_elements": "0.96498", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.27241", "scoring_system": "epss", "scoring_elements": "0.96489", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.27241", "scoring_system": "epss", "scoring_elements": "0.96492", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772", "reference_id": "1820772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1934.json", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1934.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75013?format=api", "purl": "pkg:apache/httpd@2.4.42", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.42" } ], "aliases": [ "CVE-2020-1934" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-68uu-wm68-zkfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51080?format=api", "vulnerability_id": "VCID-7pxa-tvz9-u7ht", "summary": "Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77398", "scoring_system": "epss", "scoring_elements": "0.99001", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.77398", "scoring_system": "epss", "scoring_elements": "0.99003", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.77398", "scoring_system": "epss", "scoring_elements": "0.99005", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.77398", "scoring_system": "epss", "scoring_elements": "0.99004", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.77398", "scoring_system": "epss", "scoring_elements": "0.99002", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959", "reference_id": "1743959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743959" }, { "reference_url": "https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/", "reference_id": "CVE-2019-10098", "reference_type": "exploit", "scores": [], "url": "https://0day.work/open-redirects-in-improperly-configured-mod_rewrite-rules-poc-for-cve-2019-10098/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md", "reference_id": "CVE-2019-10098", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47689.md" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10098.json", "reference_id": "CVE-2019-10098", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10098.json" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2263", "reference_id": "RHSA-2020:2263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75008?format=api", "purl": "pkg:apache/httpd@2.4.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2phf-6893-rugx" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-ckj4-4db9-6bgy" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.41" } ], "aliases": [ "CVE-2019-10098" ], "risk_score": 8.2, "exploitability": "2.0", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pxa-tvz9-u7ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7309?format=api", "vulnerability_id": "VCID-7u6p-2mtv-33an", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32485", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32453", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32413", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40327", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40342", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40313", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006", "reference_id": "1970006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006" }, { "reference_url": "https://security.archlinux.org/AVG-2054", "reference_id": "AVG-2054", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2054" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-13938.json", "reference_id": "CVE-2020-13938", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-13938.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75011?format=api", "purl": "pkg:apache/httpd@2.4.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xa7-ar49-fucn" }, { "vulnerability": "VCID-jvav-61fn-huav" }, { "vulnerability": "VCID-k9t6-m45c-xyf4" }, { "vulnerability": "VCID-kgfq-eyta-wbgz" }, { "vulnerability": "VCID-zz8m-9k7f-ckb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48" } ], "aliases": [ "CVE-2020-13938" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7u6p-2mtv-33an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51078?format=api", "vulnerability_id": "VCID-9q1t-7c6j-t3dh", "summary": "A limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malfomed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. We have taken this opportunity to also remove request data from many other in-built error messages. Note however this issue did not affect them directly and their output was already escaped to prevent cross-site scripting attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10092.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99246", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99244", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99247", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.82379", "scoring_system": "epss", "scoring_elements": "0.99245", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956", "reference_id": "1743956", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1743956" }, { "reference_url": "https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/", "reference_id": "CVE-2019-10092", "reference_type": "exploit", "scores": [], "url": "https://0day.work/proof-of-concept-for-apache-httpd-limited-cross-site-scripting-in-mod_proxy-error-page-cve-2019-10092/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md", "reference_id": "CVE-2019-10092", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/47688.md" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-10092.json", "reference_id": "CVE-2019-10092", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-10092.json" }, { "reference_url": "https://security.gentoo.org/glsa/201909-04", "reference_id": "GLSA-201909-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75008?format=api", "purl": "pkg:apache/httpd@2.4.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2phf-6893-rugx" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-ckj4-4db9-6bgy" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.41" } ], "aliases": [ "CVE-2019-10092" ], "risk_score": 8.4, "exploitability": "2.0", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9q1t-7c6j-t3dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51059?format=api", "vulnerability_id": "VCID-aj4u-27vr-9ugt", "summary": "Malicious input to mod_auth_digest will cause the server to crash, and each instance continues to crash even for subsequently valid requests.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25822", "scoring_system": "epss", "scoring_elements": "0.96361", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.25822", "scoring_system": "epss", "scoring_elements": "0.96376", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.25822", "scoring_system": "epss", "scoring_elements": "0.9637", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.25822", "scoring_system": "epss", "scoring_elements": "0.96371", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.25822", "scoring_system": "epss", "scoring_elements": "0.96366", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753", "reference_id": "1406753", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406753" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-2161.json", "reference_id": "CVE-2016-2161", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-2161.json" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0906", "reference_id": "RHSA-2017:0906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1161", "reference_id": "RHSA-2017:1161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://usn.ubuntu.com/3279-1/", "reference_id": "USN-3279-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3279-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74993?format=api", "purl": "pkg:apache/httpd@2.4.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-3cam-1afg-9bdv" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-pj23-hhvw-6ucr" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25" } ], "aliases": [ "CVE-2016-2161" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aj4u-27vr-9ugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6177?format=api", "vulnerability_id": "VCID-bmyw-jdh2-17d3", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93381", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93387", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93368", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93379", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.9338", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493", "reference_id": "1668493", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303", "reference_id": "920303", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-17199.json", "reference_id": "CVE-2018-17199", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-17199.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1809", "reference_id": "RHSA-2021:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1809" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75005?format=api", "purl": "pkg:apache/httpd@2.4.38", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-8a5y-wnbc-7yb5" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-faqh-hsss-93bc" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-sufe-qfsf-pbaq" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.38" } ], "aliases": [ "CVE-2018-17199" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmyw-jdh2-17d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51070?format=api", "vulnerability_id": "VCID-bp2p-twzt-wkap", "summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34546", "scoring_system": "epss", "scoring_elements": "0.97095", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.34546", "scoring_system": "epss", "scoring_elements": "0.97101", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.34546", "scoring_system": "epss", "scoring_elements": "0.97089", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.34546", "scoring_system": "epss", "scoring_elements": "0.97097", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.34546", "scoring_system": "epss", "scoring_elements": "0.97093", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399", "reference_id": "1560399", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1303.json", "reference_id": "CVE-2018-1303", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1303.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75000?format=api", "purl": "pkg:apache/httpd@2.4.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2k5c-hutn-27dn" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-8a5y-wnbc-7yb5" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33" } ], "aliases": [ "CVE-2018-1303" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bp2p-twzt-wkap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51068?format=api", "vulnerability_id": "VCID-bzpc-s4tb-1yhg", "summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91948", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.9196", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91946", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91947", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643", "reference_id": "1560643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1301.json", "reference_id": "CVE-2018-1301", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1301.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75000?format=api", "purl": "pkg:apache/httpd@2.4.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2k5c-hutn-27dn" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-8a5y-wnbc-7yb5" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33" } ], "aliases": [ "CVE-2018-1301" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzpc-s4tb-1yhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51062?format=api", "vulnerability_id": "VCID-duan-fz4r-uydy", "summary": "HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the \"HTTP_PROXY\" variable from a \"Proxy:\" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5387.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43937", "scoring_system": "epss", "scoring_elements": "0.97611", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.51564", "scoring_system": "epss", "scoring_elements": "0.97949", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.51564", "scoring_system": "epss", "scoring_elements": "0.97945", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.51564", "scoring_system": "epss", "scoring_elements": "0.97948", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353755", "reference_id": "1353755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353755" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-5387.json", "reference_id": "CVE-2016-5387", "reference_type": "", "scores": [ { "value": "n/a", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-5387.json" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1420", "reference_id": "RHSA-2016:1420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1421", "reference_id": "RHSA-2016:1421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1422", "reference_id": "RHSA-2016:1422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1625", "reference_id": "RHSA-2016:1625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1648", "reference_id": "RHSA-2016:1648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1649", "reference_id": "RHSA-2016:1649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1650", "reference_id": "RHSA-2016:1650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1851", "reference_id": "RHSA-2016:1851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1851" }, { "reference_url": "https://usn.ubuntu.com/3038-1/", "reference_id": "USN-3038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3038-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74993?format=api", "purl": "pkg:apache/httpd@2.4.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-3cam-1afg-9bdv" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-pj23-hhvw-6ucr" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25" } ], "aliases": [ "CVE-2016-5387" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duan-fz4r-uydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51066?format=api", "vulnerability_id": "VCID-hk7s-5xmv-1kca", "summary": "The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93618", "scoring_system": "epss", "scoring_elements": "0.99847", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.93618", "scoring_system": "epss", "scoring_elements": "0.99848", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614", "reference_id": "1560614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-15715.json", "reference_id": "CVE-2017-15715", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-15715.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75000?format=api", "purl": "pkg:apache/httpd@2.4.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2k5c-hutn-27dn" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-8a5y-wnbc-7yb5" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33" } ], "aliases": [ "CVE-2017-15715" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hk7s-5xmv-1kca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6470?format=api", "vulnerability_id": "VCID-j5r1-q5tv-xqcp", "summary": "information disclosure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99874", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344", "reference_id": "1490344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109", "reference_id": "876109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109" }, { "reference_url": "https://security.archlinux.org/ASA-201709-15", "reference_id": "ASA-201709-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201709-15" }, { "reference_url": "https://security.archlinux.org/AVG-404", "reference_id": "AVG-404", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-404" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9798.json", "reference_id": "CVE-2017-9798", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9798.json" }, { "reference_url": "https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed", "reference_id": "CVE-2017-9798;OPTIONSBLEED", "reference_type": "exploit", "scores": [], "url": "https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py", "reference_id": "CVE-2017-9798;OPTIONSBLEED", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2882", "reference_id": "RHSA-2017:2882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2972", "reference_id": "RHSA-2017:2972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2972" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3018", "reference_id": "RHSA-2017:3018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3240", "reference_id": "RHSA-2017:3240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3425-1/", "reference_id": "USN-3425-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3425-1/" }, { "reference_url": "https://usn.ubuntu.com/3425-2/", "reference_id": "USN-3425-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3425-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74998?format=api", "purl": "pkg:apache/httpd@2.4.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.28" } ], "aliases": [ "CVE-2017-9798" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j5r1-q5tv-xqcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51054?format=api", "vulnerability_id": "VCID-jyh8-j4vf-8fgs", "summary": "A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10755", "scoring_system": "epss", "scoring_elements": "0.93473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10755", "scoring_system": "epss", "scoring_elements": "0.93484", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.10755", "scoring_system": "epss", "scoring_elements": "0.93482", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.10755", "scoring_system": "epss", "scoring_elements": "0.93489", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0253" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243891", "reference_id": "1243891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243891" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2015-0253.json", "reference_id": "CVE-2015-0253", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2015-0253.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1666", "reference_id": "RHSA-2015:1666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74985?format=api", "purl": "pkg:apache/httpd@2.4.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-aj4u-27vr-9ugt" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-nyqj-yfjw-23dd" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-pzum-j7as-bkbk" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.16" } ], "aliases": [ "CVE-2015-0253" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyh8-j4vf-8fgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7311?format=api", "vulnerability_id": "VCID-kaw2-gdzq-4qdm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.47816", "scoring_system": "epss", "scoring_elements": "0.97771", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.47816", "scoring_system": "epss", "scoring_elements": "0.97774", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.47816", "scoring_system": "epss", "scoring_elements": "0.97768", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.47816", "scoring_system": "epss", "scoring_elements": "0.97773", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732", "reference_id": "1966732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26691.json", "reference_id": "CVE-2021-26691", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26691.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75011?format=api", "purl": "pkg:apache/httpd@2.4.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xa7-ar49-fucn" }, { "vulnerability": "VCID-jvav-61fn-huav" }, { "vulnerability": "VCID-k9t6-m45c-xyf4" }, { "vulnerability": "VCID-kgfq-eyta-wbgz" }, { "vulnerability": "VCID-zz8m-9k7f-ckb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48" } ], "aliases": [ "CVE-2021-26691" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kaw2-gdzq-4qdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51071?format=api", "vulnerability_id": "VCID-ndjs-6nmc-9yg1", "summary": "When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91815", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91826", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91813", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91812", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634", "reference_id": "1560634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1312.json", "reference_id": "CVE-2018-1312", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1312.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1898", "reference_id": "RHSA-2019:1898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1898" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75000?format=api", "purl": "pkg:apache/httpd@2.4.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2k5c-hutn-27dn" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-8a5y-wnbc-7yb5" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33" } ], "aliases": [ "CVE-2018-1312" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndjs-6nmc-9yg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51064?format=api", "vulnerability_id": "VCID-nn89-pb36-v7ds", "summary": "Apache HTTP Server, prior to release 2.4.25 (and 2.2.32), accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated as whitespace and remained in the request field member \"the_request\", while a bare CR in the request header field name would be honored as whitespace, and a bare CR in the request header field value was retained the input headers array. Implied additional whitespace was accepted in the request line and prior to the ':' delimiter of any request header lines.\nRFC7230 Section 3.5 calls out some of these whitespace exceptions, and section 3.2.3 eliminated and clarified the role of implied whitespace in the grammer of this specification. Section 3.1.1 requires exactly one single SP between the method and request-target, and between the request-target and HTTP-version, followed immediately by a CRLF sequence. None of these fields permit any (unencoded) CTL character whatsoever. Section 3.2.4 explicitly disallowed any whitespace from the request header field prior to the ':' character, while Section 3.2 disallows all CTL characters in the request header line other than the HTAB character as whitespace.\nThese defects represent a security concern when httpd is participating in any chain of proxies or interacting with back-end application servers, either through mod_proxy or using conventional CGI mechanisms. In each case where one agent accepts such CTL characters and does not treat them as whitespace, there is the possiblity in a proxy chain of generating two responses from a server behind the uncautious proxy agent. In a sequence of two requests, this results in request A to the first proxy being interpreted as requests A + A' by the backend server, and if requests A and B were submitted to the first proxy in a keepalive connection, the proxy may interpret response A' as the response to request B, polluting the cache or potentially serving the A' content to a different downstream user-agent.\nThese defects are addressed with the release of Apache HTTP Server 2.4.25 and coordinated by a new directive; HttpProtocolOptions Strict which is the default behavior of 2.4.25 and later.\nBy toggling from 'Strict' behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow some invalid HTTP/1.1 clients to communicate with the server, but this will reintroduce the possibility of the problems described in this assessment. Note that relaxing the behavior to 'Unsafe' will still not permit raw CTLs other than HTAB (where permitted), but will allow other RFC requirements to not be enforced, such as exactly two SP characters in the request line.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8743.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0978", "scoring_system": "epss", "scoring_elements": "0.931", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0978", "scoring_system": "epss", "scoring_elements": "0.93114", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0978", "scoring_system": "epss", "scoring_elements": "0.93107", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0978", "scoring_system": "epss", "scoring_elements": "0.93105", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0978", "scoring_system": "epss", "scoring_elements": "0.93111", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0978", "scoring_system": "epss", "scoring_elements": "0.9311", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822", "reference_id": "1406822", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406822" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-8743.json", "reference_id": "CVE-2016-8743", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-8743.json" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0906", "reference_id": "RHSA-2017:0906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1161", "reference_id": "RHSA-2017:1161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1721", "reference_id": "RHSA-2017:1721", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1721" }, { "reference_url": "https://usn.ubuntu.com/3279-1/", "reference_id": "USN-3279-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3279-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74993?format=api", "purl": "pkg:apache/httpd@2.4.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-3cam-1afg-9bdv" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-pj23-hhvw-6ucr" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25" } ], "aliases": [ "CVE-2016-8743" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nn89-pb36-v7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51057?format=api", "vulnerability_id": "VCID-nyqj-yfjw-23dd", "summary": "Prior to Apache HTTP release 2.4.25, mod_sessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. An authentication tag (SipHash MAC) is now added to prevent such attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0736.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0736.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34285", "scoring_system": "epss", "scoring_elements": "0.97087", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97498", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97492", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.97499", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.4168", "scoring_system": "epss", "scoring_elements": "0.975", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744", "reference_id": "1406744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1406744" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/40961.py", "reference_id": "CVE-2016-0736", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/40961.py" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2016-0736.json", "reference_id": "CVE-2016-0736", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2016-0736.json" }, { "reference_url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt", "reference_id": "CVE-2016-0736", "reference_type": "exploit", "scores": [], "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0906", "reference_id": "RHSA-2017:0906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1161", "reference_id": "RHSA-2017:1161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1161" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1413", "reference_id": "RHSA-2017:1413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1414", "reference_id": "RHSA-2017:1414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1415", "reference_id": "RHSA-2017:1415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1415" }, { "reference_url": "https://usn.ubuntu.com/3279-1/", "reference_id": "USN-3279-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3279-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74993?format=api", "purl": "pkg:apache/httpd@2.4.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-3cam-1afg-9bdv" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-pj23-hhvw-6ucr" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25" } ], "aliases": [ "CVE-2016-0736" ], "risk_score": 9.8, "exploitability": "2.0", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyqj-yfjw-23dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6539?format=api", "vulnerability_id": "VCID-ps1g-6hy7-87dr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08717", "scoring_system": "epss", "scoring_elements": "0.92657", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.08717", "scoring_system": "epss", "scoring_elements": "0.92636", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08717", "scoring_system": "epss", "scoring_elements": "0.9264", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.08717", "scoring_system": "epss", "scoring_elements": "0.92645", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.08717", "scoring_system": "epss", "scoring_elements": "0.92639", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.08717", "scoring_system": "epss", "scoring_elements": "0.92649", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194", "reference_id": "1463194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-3167.json", "reference_id": "CVE-2017-3167", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-3167.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74996?format=api", "purl": "pkg:apache/httpd@2.4.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4e1g-urtc-9bd8" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.26" } ], "aliases": [ "CVE-2017-3167" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ps1g-6hy7-87dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51085?format=api", "vulnerability_id": "VCID-pzum-j7as-bkbk", "summary": "For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11985.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11985.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15318", "scoring_system": "epss", "scoring_elements": "0.94754", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15318", "scoring_system": "epss", "scoring_elements": "0.9477", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.15318", "scoring_system": "epss", "scoring_elements": "0.94764", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.15318", "scoring_system": "epss", "scoring_elements": "0.94765", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.15318", "scoring_system": "epss", "scoring_elements": "0.94763", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11985" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866559", "reference_id": "1866559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1866559" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-11985.json", "reference_id": "CVE-2020-11985", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-11985.json" }, { "reference_url": "https://security.gentoo.org/glsa/202008-04", "reference_id": "GLSA-202008-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1161", "reference_id": "RHSA-2017:1161", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1161" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74993?format=api", "purl": "pkg:apache/httpd@2.4.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-3cam-1afg-9bdv" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-pj23-hhvw-6ucr" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.25" } ], "aliases": [ "CVE-2020-11985" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pzum-j7as-bkbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51081?format=api", "vulnerability_id": "VCID-r4tp-y16c-57ak", "summary": "In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04949", "scoring_system": "epss", "scoring_elements": "0.8986", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.04949", "scoring_system": "epss", "scoring_elements": "0.89845", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04949", "scoring_system": "epss", "scoring_elements": "0.89843", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04949", "scoring_system": "epss", "scoring_elements": "0.89828", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04949", "scoring_system": "epss", "scoring_elements": "0.89844", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761", "reference_id": "1820761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1927.json", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1927.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2263", "reference_id": "RHSA-2020:2263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75013?format=api", "purl": "pkg:apache/httpd@2.4.42", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.42" } ], "aliases": [ "CVE-2020-1927" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4tp-y16c-57ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7312?format=api", "vulnerability_id": "VCID-saux-awas-mfau", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.60353", "scoring_system": "epss", "scoring_elements": "0.98312", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.60353", "scoring_system": "epss", "scoring_elements": "0.98311", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.60353", "scoring_system": "epss", "scoring_elements": "0.98309", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.60353", "scoring_system": "epss", "scoring_elements": "0.98313", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729", "reference_id": "1966729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26690.json", "reference_id": "CVE-2021-26690", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26690.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75011?format=api", "purl": "pkg:apache/httpd@2.4.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xa7-ar49-fucn" }, { "vulnerability": "VCID-jvav-61fn-huav" }, { "vulnerability": "VCID-k9t6-m45c-xyf4" }, { "vulnerability": "VCID-kgfq-eyta-wbgz" }, { "vulnerability": "VCID-zz8m-9k7f-ckb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48" } ], "aliases": [ "CVE-2021-26690" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-saux-awas-mfau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7313?format=api", "vulnerability_id": "VCID-t8aa-rv68-fkg5", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06315", "scoring_system": "epss", "scoring_elements": "0.91138", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.06315", "scoring_system": "epss", "scoring_elements": "0.91151", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.06315", "scoring_system": "epss", "scoring_elements": "0.91134", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93453", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93464", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724", "reference_id": "1966724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-35452.json", "reference_id": "CVE-2020-35452", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-35452.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75011?format=api", "purl": "pkg:apache/httpd@2.4.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3xa7-ar49-fucn" }, { "vulnerability": "VCID-jvav-61fn-huav" }, { "vulnerability": "VCID-k9t6-m45c-xyf4" }, { "vulnerability": "VCID-kgfq-eyta-wbgz" }, { "vulnerability": "VCID-zz8m-9k7f-ckb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.48" } ], "aliases": [ "CVE-2020-35452" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8aa-rv68-fkg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51065?format=api", "vulnerability_id": "VCID-tgwb-8x2b-abfy", "summary": "mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13193", "scoring_system": "epss", "scoring_elements": "0.94273", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.13193", "scoring_system": "epss", "scoring_elements": "0.94279", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.13193", "scoring_system": "epss", "scoring_elements": "0.94263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.13193", "scoring_system": "epss", "scoring_elements": "0.94274", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.13193", "scoring_system": "epss", "scoring_elements": "0.94271", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599", "reference_id": "1560599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-15710.json", "reference_id": "CVE-2017-15710", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-15710.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75000?format=api", "purl": "pkg:apache/httpd@2.4.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2k5c-hutn-27dn" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-8a5y-wnbc-7yb5" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.33" } ], "aliases": [ "CVE-2017-15710" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tgwb-8x2b-abfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51053?format=api", "vulnerability_id": "VCID-tmjs-99hk-syat", "summary": "A stack recursion crash in the mod_lua module was found. A Lua script executing the r:wsupgrade() function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0228.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0228.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15242", "scoring_system": "epss", "scoring_elements": "0.94737", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15242", "scoring_system": "epss", "scoring_elements": "0.94746", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.15242", "scoring_system": "epss", "scoring_elements": "0.94747", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.15242", "scoring_system": "epss", "scoring_elements": "0.94749", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.15242", "scoring_system": "epss", "scoring_elements": "0.94755", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202988", "reference_id": "1202988", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202988" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2015-0228.json", "reference_id": "CVE-2015-0228", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2015-0228.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1666", "reference_id": "RHSA-2015:1666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1666" }, { "reference_url": "https://usn.ubuntu.com/2523-1/", "reference_id": "USN-2523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2523-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74985?format=api", "purl": "pkg:apache/httpd@2.4.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-aj4u-27vr-9ugt" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-nyqj-yfjw-23dd" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-pzum-j7as-bkbk" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.16" } ], "aliases": [ "CVE-2015-0228" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmjs-99hk-syat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4527?format=api", "vulnerability_id": "VCID-um53-bb17-93fp", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49498", "scoring_system": "epss", "scoring_elements": "0.97852", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.49498", "scoring_system": "epss", "scoring_elements": "0.97853", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.49498", "scoring_system": "epss", "scoring_elements": "0.97849", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.49498", "scoring_system": "epss", "scoring_elements": "0.97854", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748", "reference_id": "1470748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467", "reference_id": "868467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467" }, { "reference_url": "https://security.archlinux.org/ASA-201707-15", "reference_id": "ASA-201707-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-15" }, { "reference_url": "https://security.archlinux.org/AVG-350", "reference_id": "AVG-350", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-350" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9788.json", "reference_id": "CVE-2017-9788", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9788.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2708", "reference_id": "RHSA-2017:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2709", "reference_id": "RHSA-2017:2709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2710", "reference_id": "RHSA-2017:2710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3240", "reference_id": "RHSA-2017:3240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "reference_url": "https://usn.ubuntu.com/3370-1/", "reference_id": "USN-3370-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3370-1/" }, { "reference_url": "https://usn.ubuntu.com/3370-2/", "reference_id": "USN-3370-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3370-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74997?format=api", "purl": "pkg:apache/httpd@2.4.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-62uq-vyd8-mfbt" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nxt8-4r1p-kuab" }, { "vulnerability": "VCID-ny3v-m8gs-3bf2" }, { "vulnerability": "VCID-pfpr-8td6-t7dc" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-t9kh-3weu-qugs" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-ykyn-menc-kbfa" }, { "vulnerability": "VCID-yvfg-1nhp-qqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.27" } ], "aliases": [ "CVE-2017-9788" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-um53-bb17-93fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51055?format=api", "vulnerability_id": "VCID-vb2q-wweb-37gz", "summary": "An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24118", "scoring_system": "epss", "scoring_elements": "0.96171", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.24118", "scoring_system": "epss", "scoring_elements": "0.96177", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.24118", "scoring_system": "epss", "scoring_elements": "0.9618", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.24118", "scoring_system": "epss", "scoring_elements": "0.96186", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3183" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243887", "reference_id": "1243887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243887" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2015-3183.json", "reference_id": "CVE-2015-3183", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2015-3183.json" }, { "reference_url": "https://security.gentoo.org/glsa/201610-02", "reference_id": "GLSA-201610-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1666", "reference_id": "RHSA-2015:1666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1667", "reference_id": "RHSA-2015:1667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1668", "reference_id": "RHSA-2015:1668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1668" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2661", "reference_id": "RHSA-2015:2661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0061", "reference_id": "RHSA-2016:0061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0062", "reference_id": "RHSA-2016:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2054", "reference_id": "RHSA-2016:2054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2055", "reference_id": "RHSA-2016:2055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2056", "reference_id": "RHSA-2016:2056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2056" }, { "reference_url": "https://usn.ubuntu.com/2686-1/", "reference_id": "USN-2686-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2686-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74985?format=api", "purl": "pkg:apache/httpd@2.4.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-aj4u-27vr-9ugt" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-nyqj-yfjw-23dd" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-pzum-j7as-bkbk" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.16" } ], "aliases": [ "CVE-2015-3183" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vb2q-wweb-37gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4134?format=api", "vulnerability_id": "VCID-wmmz-e7c5-1ye1", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97565", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97567", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97559", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97564", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97563", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020", "reference_id": "1695020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0217.json", "reference_id": "CVE-2019-0217", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0217.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2343", "reference_id": "RHSA-2019:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3436", "reference_id": "RHSA-2019:3436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/75006?format=api", "purl": "pkg:apache/httpd@2.4.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2phf-6893-rugx" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-54u4-szhc-zycj" }, { "vulnerability": "VCID-5sf7-wq36-5ye3" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7bxa-rkrq-dyf7" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-d1f9-7qtk-qucw" }, { "vulnerability": "VCID-eueu-bt2r-xfaa" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-ykyn-menc-kbfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.39" } ], "aliases": [ "CVE-2019-0217" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmmz-e7c5-1ye1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51056?format=api", "vulnerability_id": "VCID-xd6e-12jd-pufb", "summary": "A design error in the \"ap_some_auth_required\" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for authorization as well and can appear in configurations even when no authentication is required and the request is entirely unrestricted. This could lead to modules using this API to allow access when they should otherwise not do so. API users should use the new ap_some_authn_required API added in 2.4.16 instead.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06367", "scoring_system": "epss", "scoring_elements": "0.91164", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06367", "scoring_system": "epss", "scoring_elements": "0.91177", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06367", "scoring_system": "epss", "scoring_elements": "0.91176", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.06367", "scoring_system": "epss", "scoring_elements": "0.91174", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.06367", "scoring_system": "epss", "scoring_elements": "0.9117", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.06367", "scoring_system": "epss", "scoring_elements": "0.91185", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3185" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888", "reference_id": "1243888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243888" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2015-3185.json", "reference_id": "CVE-2015-3185", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2015-3185.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1666", "reference_id": "RHSA-2015:1666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1667", "reference_id": "RHSA-2015:1667", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2957", "reference_id": "RHSA-2016:2957", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2957" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2708", "reference_id": "RHSA-2017:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2709", "reference_id": "RHSA-2017:2709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2710", "reference_id": "RHSA-2017:2710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "reference_url": "https://usn.ubuntu.com/2686-1/", "reference_id": "USN-2686-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2686-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74985?format=api", "purl": "pkg:apache/httpd@2.4.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-aj4u-27vr-9ugt" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-nyqj-yfjw-23dd" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-pzum-j7as-bkbk" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.16" } ], "aliases": [ "CVE-2015-3185" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xd6e-12jd-pufb" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51052?format=api", "vulnerability_id": "VCID-875s-qd97-wbga", "summary": "Fix handling of the Require line in mod_lua when a LuaAuthzProvider is used in multiple Require directives with different arguments. This could lead to different authentication rules than expected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8109.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8109.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11719", "scoring_system": "epss", "scoring_elements": "0.93822", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11719", "scoring_system": "epss", "scoring_elements": "0.93831", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.11719", "scoring_system": "epss", "scoring_elements": "0.9383", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.11719", "scoring_system": "epss", "scoring_elements": "0.93829", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.11719", "scoring_system": "epss", "scoring_elements": "0.93834", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8109" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174077", "reference_id": "1174077", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174077" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2014-8109.json", "reference_id": "CVE-2014-8109", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2014-8109.json" }, { "reference_url": "https://usn.ubuntu.com/2523-1/", "reference_id": "USN-2523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2523-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74984?format=api", "purl": "pkg:apache/httpd@2.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-aj4u-27vr-9ugt" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-jyh8-j4vf-8fgs" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-nyqj-yfjw-23dd" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-pzum-j7as-bkbk" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-tmjs-99hk-syat" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-vb2q-wweb-37gz" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-xd6e-12jd-pufb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.12" } ], "aliases": [ "CVE-2014-8109" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-875s-qd97-wbga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51050?format=api", "vulnerability_id": "VCID-9hz8-j6ce-2bca", "summary": "A NULL pointer deference was found in mod_cache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. This crash would only be a denial of service if using a threaded MPM.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3581.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3581.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04809", "scoring_system": "epss", "scoring_elements": "0.89681", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04809", "scoring_system": "epss", "scoring_elements": "0.89698", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04809", "scoring_system": "epss", "scoring_elements": "0.89699", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04809", "scoring_system": "epss", "scoring_elements": "0.897", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04809", "scoring_system": "epss", "scoring_elements": "0.89715", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149709", "reference_id": "1149709", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149709" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2014-3581.json", "reference_id": "CVE-2014-3581", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2014-3581.json" }, { "reference_url": "https://security.gentoo.org/glsa/201610-02", "reference_id": "GLSA-201610-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1972", "reference_id": "RHSA-2014:1972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1972" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0325", "reference_id": "RHSA-2015:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2661", "reference_id": "RHSA-2015:2661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2661" }, { "reference_url": "https://usn.ubuntu.com/2523-1/", "reference_id": "USN-2523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2523-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74984?format=api", "purl": "pkg:apache/httpd@2.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-aj4u-27vr-9ugt" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-jyh8-j4vf-8fgs" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-nyqj-yfjw-23dd" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-pzum-j7as-bkbk" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-tmjs-99hk-syat" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-vb2q-wweb-37gz" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-xd6e-12jd-pufb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.12" } ], "aliases": [ "CVE-2014-3581" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hz8-j6ce-2bca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51042?format=api", "vulnerability_id": "VCID-fg75-4dwv-9qb5", "summary": "HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the \"MergeTrailers\" directive to restore legacy behavior.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5704.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5704.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5704", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65044", "scoring_system": "epss", "scoring_elements": "0.98494", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.65044", "scoring_system": "epss", "scoring_elements": "0.98497", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.65044", "scoring_system": "epss", "scoring_elements": "0.98496", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-5704" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082903", "reference_id": "1082903", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082903" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2013-5704.json", "reference_id": "CVE-2013-5704", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2013-5704.json" }, { "reference_url": "https://security.gentoo.org/glsa/201504-03", "reference_id": "GLSA-201504-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1972", "reference_id": "RHSA-2014:1972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1972" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0325", "reference_id": "RHSA-2015:0325", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1249", "reference_id": "RHSA-2015:1249", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2661", "reference_id": "RHSA-2015:2661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0061", "reference_id": "RHSA-2016:0061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0062", "reference_id": "RHSA-2016:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0062" }, { "reference_url": "https://usn.ubuntu.com/2523-1/", "reference_id": "USN-2523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2523-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74983?format=api", "purl": "pkg:apache/httpd@2.2.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-vb2q-wweb-37gz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.2.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/74984?format=api", "purl": "pkg:apache/httpd@2.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-aj4u-27vr-9ugt" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-jyh8-j4vf-8fgs" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-nyqj-yfjw-23dd" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-pzum-j7as-bkbk" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-tmjs-99hk-syat" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-vb2q-wweb-37gz" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-xd6e-12jd-pufb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.12" } ], "aliases": [ "CVE-2013-5704" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fg75-4dwv-9qb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51051?format=api", "vulnerability_id": "VCID-x5nj-5bsv-aqeh", "summary": "An out-of-bounds memory read was found in mod_proxy_fcgi. A malicious FastCGI server could send a carefully crafted response which could lead to a crash when reading past the end of a heap memory or stack buffer. This issue affects version 2.4.10 only.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3583.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3583.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41813", "scoring_system": "epss", "scoring_elements": "0.97498", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.41813", "scoring_system": "epss", "scoring_elements": "0.97504", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.41813", "scoring_system": "epss", "scoring_elements": "0.97505", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.41813", "scoring_system": "epss", "scoring_elements": "0.97506", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163555", "reference_id": "1163555", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163555" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2014-3583.json", "reference_id": "CVE-2014-3583", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2014-3583.json" }, { "reference_url": "https://security.gentoo.org/glsa/201701-36", "reference_id": "GLSA-201701-36", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-36" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1855", "reference_id": "RHSA-2015:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1858", "reference_id": "RHSA-2015:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1858" }, { "reference_url": "https://usn.ubuntu.com/2523-1/", "reference_id": "USN-2523-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2523-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74984?format=api", "purl": "pkg:apache/httpd@2.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1cpt-rd7f-8qhk" }, { "vulnerability": "VCID-2pj8-zfdd-tufx" }, { "vulnerability": "VCID-4yze-nb6e-8yav" }, { "vulnerability": "VCID-52q8-y1bq-nqe2" }, { "vulnerability": "VCID-5qj8-vuec-h3fg" }, { "vulnerability": "VCID-5y32-wcg3-sybr" }, { "vulnerability": "VCID-68uu-wm68-zkfb" }, { "vulnerability": "VCID-7pxa-tvz9-u7ht" }, { "vulnerability": "VCID-7u6p-2mtv-33an" }, { "vulnerability": "VCID-9q1t-7c6j-t3dh" }, { "vulnerability": "VCID-aj4u-27vr-9ugt" }, { "vulnerability": "VCID-bmyw-jdh2-17d3" }, { "vulnerability": "VCID-bp2p-twzt-wkap" }, { "vulnerability": "VCID-bzpc-s4tb-1yhg" }, { "vulnerability": "VCID-duan-fz4r-uydy" }, { "vulnerability": "VCID-hk7s-5xmv-1kca" }, { "vulnerability": "VCID-j5r1-q5tv-xqcp" }, { "vulnerability": "VCID-jyh8-j4vf-8fgs" }, { "vulnerability": "VCID-kaw2-gdzq-4qdm" }, { "vulnerability": "VCID-ndjs-6nmc-9yg1" }, { "vulnerability": "VCID-nn89-pb36-v7ds" }, { "vulnerability": "VCID-nyqj-yfjw-23dd" }, { "vulnerability": "VCID-ps1g-6hy7-87dr" }, { "vulnerability": "VCID-pzum-j7as-bkbk" }, { "vulnerability": "VCID-r4tp-y16c-57ak" }, { "vulnerability": "VCID-saux-awas-mfau" }, { "vulnerability": "VCID-t8aa-rv68-fkg5" }, { "vulnerability": "VCID-tgwb-8x2b-abfy" }, { "vulnerability": "VCID-tmjs-99hk-syat" }, { "vulnerability": "VCID-um53-bb17-93fp" }, { "vulnerability": "VCID-vb2q-wweb-37gz" }, { "vulnerability": "VCID-wmmz-e7c5-1ye1" }, { "vulnerability": "VCID-xd6e-12jd-pufb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.12" } ], "aliases": [ "CVE-2014-3583" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5nj-5bsv-aqeh" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apache/httpd@2.4.12" }