Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-5?arch=el7jbcs

Type rpm

Namespace redhat

Name jbcs-httpd24-httpd

Version 2.4.57-5

Qualifiers

arch	el7jbcs

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-4c3m-m6ku-kbhq

vulnerability_id

VCID-4c3m-m6ku-kbhq

summary

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.

Special characters in the origin response header can truncate/split the response forwarded to the client.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27522.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27522

reference_id

reference_type

scores

value	0.00781
scoring_system	epss
scoring_elements	0.7369
published_at	2026-04-13T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73675
published_at	2026-04-04T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73699
published_at	2026-04-12T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73717
published_at	2026-04-11T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73696
published_at	2026-04-09T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73683
published_at	2026-04-08T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73651
published_at	2026-04-02T12:55:00Z

value	0.00781
scoring_system	epss
scoring_elements	0.73647
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/httpd/commit/d753ea76b5972a85349b68c31b59d04c60014f2d

reference_url

https://github.com/unbit/uwsgi

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/unbit/uwsgi

reference_url

https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/unbit/uwsgi/commit/58ee1df31fa9e9af106aaeabb82374c36b433822

reference_url

https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/unbit/uwsgi/commit/acb03530aaaeaa810f28a5b64da619525940f569

reference_url

https://httpd.apache.org/security/vulnerabilities_24.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/

url

https://httpd.apache.org/security/vulnerabilities_24.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html

reference_url

https://security.gentoo.org/glsa/202309-01

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T16:41:55Z/

url

https://security.gentoo.org/glsa/202309-01

reference_url

https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.22.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476
reference_id	1032476
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032476

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2176211
reference_id	2176211
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2176211

reference_url	https://httpd.apache.org/security/json/CVE-2023-27522.json
reference_id	CVE-2023-27522
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2023-27522.json

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-27522

reference_id

CVE-2023-27522

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-27522

reference_url

https://github.com/advisories/GHSA-vcph-37mh-fqrh

reference_id

GHSA-vcph-37mh-fqrh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vcph-37mh-fqrh

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://access.redhat.com/errata/RHSA-2023:5049
reference_id	RHSA-2023:5049
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5049

reference_url	https://access.redhat.com/errata/RHSA-2023:5050
reference_id	RHSA-2023:5050
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5050

reference_url	https://access.redhat.com/errata/RHSA-2023:6403
reference_id	RHSA-2023:6403
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6403

reference_url	https://access.redhat.com/errata/RHSA-2024:4504
reference_id	RHSA-2024:4504
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4504

reference_url	https://usn.ubuntu.com/5942-1/
reference_id	USN-5942-1
reference_type
scores
url	https://usn.ubuntu.com/5942-1/

fixed_packages

aliases

CVE-2023-27522, GHSA-vcph-37mh-fqrh

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4c3m-m6ku-kbhq

url

VCID-6qk8-1cj1-4fh7

vulnerability_id

VCID-6qk8-1cj1-4fh7

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-36760

reference_id

reference_type

scores

value	0.00291
scoring_system	epss
scoring_elements	0.52542
published_at	2026-04-13T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52508
published_at	2026-04-04T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52475
published_at	2026-04-07T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52528
published_at	2026-04-08T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52522
published_at	2026-04-09T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52573
published_at	2026-04-11T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52558
published_at	2026-04-12T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52481
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2161777
reference_id	2161777
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2161777

reference_url

https://security.archlinux.org/AVG-2824

reference_id

AVG-2824

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2824

reference_url	https://httpd.apache.org/security/json/CVE-2022-36760.json
reference_id	CVE-2022-36760
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2022-36760.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0852
reference_id	RHSA-2023:0852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0852

reference_url	https://access.redhat.com/errata/RHSA-2023:0970
reference_id	RHSA-2023:0970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0970

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://usn.ubuntu.com/5834-1/
reference_id	USN-5834-1
reference_type
scores
url	https://usn.ubuntu.com/5834-1/

reference_url	https://usn.ubuntu.com/5839-1/
reference_id	USN-5839-1
reference_type
scores
url	https://usn.ubuntu.com/5839-1/

fixed_packages

aliases

CVE-2022-36760

risk_score

3.1

exploitability

0.5

weighted_severity

6.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7

url

VCID-htfx-mahy-9kde

vulnerability_id

VCID-htfx-mahy-9kde

summary

Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37436

reference_id

reference_type

scores

value	0.00463
scoring_system	epss
scoring_elements	0.64237
published_at	2026-04-13T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64235
published_at	2026-04-04T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64196
published_at	2026-04-07T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64246
published_at	2026-04-08T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64262
published_at	2026-04-09T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64275
published_at	2026-04-11T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64264
published_at	2026-04-12T12:55:00Z

value	0.00463
scoring_system	epss
scoring_elements	0.64208
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2161773
reference_id	2161773
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2161773

reference_url

https://security.archlinux.org/AVG-2824

reference_id

AVG-2824

reference_type

scores

value	Unknown
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2824

reference_url	https://httpd.apache.org/security/json/CVE-2022-37436.json
reference_id	CVE-2022-37436
reference_type
scores
url	https://httpd.apache.org/security/json/CVE-2022-37436.json

reference_url	https://access.redhat.com/errata/RHSA-2023:0852
reference_id	RHSA-2023:0852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0852

reference_url	https://access.redhat.com/errata/RHSA-2023:0970
reference_id	RHSA-2023:0970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0970

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://usn.ubuntu.com/5839-1/
reference_id	USN-5839-1
reference_type
scores
url	https://usn.ubuntu.com/5839-1/

reference_url	https://usn.ubuntu.com/5839-2/
reference_id	USN-5839-2
reference_type
scores
url	https://usn.ubuntu.com/5839-2/

fixed_packages

aliases

CVE-2022-37436

risk_score

2.4

exploitability

0.5

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.57-5%3Farch=el7jbcs

Package Instance