Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/88306?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "type": "deb", "namespace": "debian", "name": "apr", "version": "1.7.0-6+deb11u2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.7.0-7", "latest_non_vulnerable_version": "1.7.6-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58714?format=api", "vulnerability_id": "VCID-fbhf-cs4s-vkam", "summary": "Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49582.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49582.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49582", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06614", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06662", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06668", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06655", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49582" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080375", "reference_id": "1080375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080375" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307913", "reference_id": "2307913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2307913" }, { "reference_url": "https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4", "reference_id": "sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T17:39:05Z/" } ], "url": "https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4" }, { "reference_url": "https://usn.ubuntu.com/7038-1/", "reference_id": "USN-7038-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7038-1/" }, { "reference_url": "https://usn.ubuntu.com/7038-2/", "reference_id": "USN-7038-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7038-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-49582" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fbhf-cs4s-vkam" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58712?format=api", "vulnerability_id": "VCID-3yp3-unxa-ubej", "summary": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. 
This issue affects Apache Portable Runtime (APR) version 1.7.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24963.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34781", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34821", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34877", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34894", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34858", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24963" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", "reference_id": "2169465", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169465" 
}, { "reference_url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", "reference_id": "fw9p6sdncwsjkstwc066vz57xqzfksq9", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:33:34Z/" } ], "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230908-0008/", "reference_id": "ntap-20230908-0008", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:33:34Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230908-0008/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4909", "reference_id": "RHSA-2023:4909", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4910", "reference_id": "RHSA-2023:4910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7711", "reference_id": "RHSA-2023:7711", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7711" }, { "reference_url": 
"https://usn.ubuntu.com/5885-1/", "reference_id": "USN-5885-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5885-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88316?format=api", "purl": "pkg:deb/debian/apr@1.7.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-24963" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yp3-unxa-ubej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58710?format=api", 
"vulnerability_id": "VCID-apke-4dfq-z3bh", "summary": "tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0840.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0840.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40186", "scoring_system": "epss", "scoring_elements": "0.97419", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.40186", "scoring_system": "epss", "scoring_elements": "0.97425", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.40186", "scoring_system": "epss", "scoring_elements": "0.97426", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.40186", "scoring_system": "epss", "scoring_elements": "0.97427", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0840" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655435", "reference_id": "655435", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655435" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=781606", "reference_id": "781606", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=781606" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/36669.txt", "reference_id": "CVE-2012-0840;OSVDB-78932", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/36669.txt" }, { "reference_url": "https://www.securityfocus.com/bid/51917/info", "reference_id": "CVE-2012-0840;OSVDB-78932", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/51917/info" }, { "reference_url": "https://security.gentoo.org/glsa/201405-24", "reference_id": "GLSA-201405-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88312?format=api", "purl": "pkg:deb/debian/apr@1.4.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.4.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-0840" ], "risk_score": 0.8, "exploitability": "2.0", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apke-4dfq-z3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51009?format=api", "vulnerability_id": "VCID-g837-8mzy-h3be", "summary": "A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2412.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2412.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07751", "scoring_system": "epss", "scoring_elements": "0.92088", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07751", "scoring_system": "epss", "scoring_elements": "0.921", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07751", "scoring_system": "epss", "scoring_elements": "0.92097", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07751", "scoring_system": "epss", "scoring_elements": "0.92095", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.10322", "scoring_system": "epss", "scoring_elements": "0.93326", "published_at": "2026-06-08T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2009-2412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698", "reference_id": "515698", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-2412.json", "reference_id": "CVE-2009-2412", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-2412.json" }, { "reference_url": "https://security.gentoo.org/glsa/200909-03", "reference_id": "GLSA-200909-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200909-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1204", "reference_id": "RHSA-2009:1204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1205", "reference_id": "RHSA-2009:1205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1462", "reference_id": "RHSA-2009:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1462" }, { "reference_url": "https://usn.ubuntu.com/813-1/", "reference_id": "USN-813-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/813-1/" }, { "reference_url": "https://usn.ubuntu.com/813-2/", "reference_id": "USN-813-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/813-2/" }, { "reference_url": "https://usn.ubuntu.com/813-3/", "reference_id": "USN-813-3", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/813-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88305?format=api", "purl": "pkg:deb/debian/apr@1.3.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.3.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-2412" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g837-8mzy-h3be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58709?format=api", "vulnerability_id": "VCID-htax-75uz-63fc", "summary": "The fnmatch implementation in apr_fnmatch.c in the Apache 
Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1928.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1928.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14392", "scoring_system": "epss", "scoring_elements": "0.94547", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14392", "scoring_system": "epss", "scoring_elements": "0.94555", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.14392", "scoring_system": "epss", "scoring_elements": "0.94557", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.14392", "scoring_system": "epss", "scoring_elements": "0.94559", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182", "reference_id": "627182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=706203", "reference_id": "706203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=706203" }, { "reference_url": 
"https://security.gentoo.org/glsa/201405-24", "reference_id": "GLSA-201405-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0844", "reference_id": "RHSA-2011:0844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0844" }, { "reference_url": "https://usn.ubuntu.com/1134-1/", "reference_id": "USN-1134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88311?format=api", "purl": "pkg:deb/debian/apr@1.4.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.4.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1928" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htax-75uz-63fc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3438?format=api", "vulnerability_id": "VCID-kpzd-zunz-gqau", "summary": "information disclosure", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21919", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2188", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21987", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21939", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.22001", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35940" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980328", "reference_id": "1980328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980328" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789", "reference_id": "992789", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789" }, { "reference_url": "https://security.archlinux.org/AVG-2313", "reference_id": "AVG-2313", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2313" }, { "reference_url": "https://usn.ubuntu.com/5056-1/", "reference_id": "USN-5056-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5056-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88315?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88314?format=api", "purl": "pkg:deb/debian/apr@1.7.0-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-35940" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpzd-zunz-gqau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51023?format=api", "vulnerability_id": "VCID-t1ad-c6y2-rueb", "summary": "A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. 
This could be used in a denial of service attack.\nWorkaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack.\nResolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0419.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48782", "scoring_system": "epss", "scoring_elements": "0.97814", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.48782", "scoring_system": "epss", "scoring_elements": "0.97818", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.48782", "scoring_system": "epss", "scoring_elements": "0.97819", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.48782", "scoring_system": "epss", "scoring_elements": "0.9782", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.48782", "scoring_system": "epss", "scoring_elements": "0.97821", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=703390", "reference_id": "703390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703390" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2011-0419.json", "reference_id": "CVE-2011-0419", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": 
"apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2011-0419.json" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35738.php", "reference_id": "CVE-2011-0419;OSVDB-73383", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35738.php" }, { "reference_url": "https://www.securityfocus.com/bid/47820/info", "reference_id": "CVE-2011-0419;OSVDB-73383", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/47820/info" }, { "reference_url": "https://security.gentoo.org/glsa/201405-24", "reference_id": "GLSA-201405-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201405-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0507", "reference_id": "RHSA-2011:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0507" }, { "reference_url": "https://usn.ubuntu.com/1134-1/", "reference_id": "USN-1134-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1134-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88310?format=api", "purl": "pkg:deb/debian/apr@1.4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": 
false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0419" ], "risk_score": 9.6, "exploitability": "2.0", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1ad-c6y2-rueb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58713?format=api", "vulnerability_id": "VCID-tuzw-casd-g7bb", "summary": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). 
This is a result of integer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28331.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28331.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53871", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53902", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53936", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53924", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00303", "scoring_system": "epss", "scoring_elements": "0.53928", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28331" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", "reference_id": "2172556", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172556" }, { "reference_url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", "reference_id": "5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-27T14:31:25Z/" } ], "url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": 
"RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4910", "reference_id": "RHSA-2023:4910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4910" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88309?format=api", "purl": "pkg:deb/debian/apr@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-28331" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuzw-casd-g7bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58711?format=api", "vulnerability_id": "VCID-uan4-ejd9-y3cw", "summary": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4841", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48431", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48472", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48478", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48459", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:M/C:P/I:N/A:P" }, { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523", "reference_id": "1506523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708", "reference_id": "879708", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708" }, { "reference_url": "https://security.archlinux.org/ASA-201710-32", "reference_id": "ASA-201710-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-32" }, { "reference_url": "https://security.archlinux.org/AVG-469", "reference_id": "AVG-469", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3270", "reference_id": "RHSA-2017:3270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3270" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0316", "reference_id": "RHSA-2018:0316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1253", "reference_id": "RHSA-2018:1253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88313?format=api", "purl": "pkg:deb/debian/apr@1.6.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.6.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12613" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uan4-ejd9-y3cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51010?format=api", "vulnerability_id": "VCID-xkdh-s6na-kqdc", "summary": "Faulty error handling was found affecting Solaris pollset support (Event Port backend) caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2699.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09281", "scoring_system": "epss", "scoring_elements": "0.92891", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09281", "scoring_system": "epss", "scoring_elements": "0.92903", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.09281", "scoring_system": "epss", "scoring_elements": "0.92899", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.09281", "scoring_system": "epss", "scoring_elements": "0.92894", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.09281", "scoring_system": "epss", "scoring_elements": "0.92892", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2699" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=528756", 
"reference_id": "528756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=528756" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2009-2699.json", "reference_id": "CVE-2009-2699", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2009-2699.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/88309?format=api", "purl": "pkg:deb/debian/apr@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88306?format=api", "purl": "pkg:deb/debian/apr@1.7.0-6%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fbhf-cs4s-vkam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88304?format=api", "purl": "pkg:deb/debian/apr@1.7.2-3%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.2-3%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88308?format=api", "purl": "pkg:deb/debian/apr@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/88307?format=api", "purl": "pkg:deb/debian/apr@1.7.6-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.6-3%3Fdistro=trixie" } ], "aliases": [ 
"CVE-2009-2699" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkdh-s6na-kqdc" } ], "risk_score": "2.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/apr@1.7.0-6%252Bdeb11u2%3Fdistro=trixie" }