Search for packages
| purl | pkg:apache/httpd@2.2.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-17dn-vnzu-eugr
Aliases: CVE-2009-3094 |
A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service. |
Affected by 38 other vulnerabilities. |
|
VCID-1r9x-9cx9-3far
Aliases: CVE-2008-2939 |
A flaw was found in the handling of wildcards in the path of a FTP URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks. |
Affected by 47 other vulnerabilities. |
|
VCID-214y-hytk-t7ca
Aliases: CVE-2014-0231 |
A flaw was found in mod_cgid. If a server using mod_cgid hosted CGI scripts which did not consume standard input, a remote attacker could cause child processes to hang indefinitely, leading to denial of service. |
Affected by 9 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-2h74-w9ra-wbf7
Aliases: CVE-2009-2412 |
A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way. |
Affected by 41 other vulnerabilities. |
|
VCID-2zhx-6a6f-2uf4
Aliases: CVE-2014-0118 |
A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the "DEFLATE" input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration. |
Affected by 9 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-39rt-392b-5bey
Aliases: CVE-2011-3192 |
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory: CVE-2011-3192.txt |
Affected by 29 other vulnerabilities. |
|
VCID-4et5-418x-5qga
Aliases: CVE-2012-4558 |
A XSS flaw affected the mod_proxy_balancer manager interface. |
Affected by 15 other vulnerabilities. Affected by 40 other vulnerabilities. |
|
VCID-5n84-u3mu-nqcg
Aliases: CVE-2017-3167 |
Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request. |
Affected by 1 other vulnerability. Affected by 32 other vulnerabilities. |
|
VCID-6ak5-ayqx-z3g2
Aliases: CVE-2017-9788 |
The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault. |
Affected by 1 other vulnerability. Affected by 30 other vulnerabilities. |
|
VCID-6mta-wrjq-rffu
Aliases: CVE-2010-2791 |
An information disclosure flaw was found in mod_proxy_http in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no vulnerability on earlier versions, as proxy pools were not yet introduced. The simplest workaround is to globally configure: SetEnv proxy-nokeepalive 1 |
Affected by 47 other vulnerabilities. |
|
VCID-7f2z-4x67-hqfw
Aliases: CVE-2009-3095 |
A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server. |
Affected by 38 other vulnerabilities. |
|
VCID-7jx2-zgdg-vbbr
Aliases: CVE-2012-0031 |
A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly. |
Affected by 21 other vulnerabilities. |
|
VCID-8adb-pxka-97gq
Aliases: CVE-2011-0419 |
A flaw was found in the apr_fnmatch() function of the bundled APR library. Where mod_autoindex is enabled, and a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack. Workaround: Setting the 'IgnoreClient' option to the 'IndexOptions' directive disables processing of the client-supplied request query arguments, preventing this attack. Resolution: Update APR to release 1.4.5 (bundled with httpd 2.2.19) or release 0.9.20 (bundled with httpd 2.0.65) |
Affected by 30 other vulnerabilities. |
|
VCID-95dj-xyyq-f3d1
Aliases: CVE-2008-0456 |
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. |
Affected by 42 other vulnerabilities. |
|
VCID-95jg-yyn8-pqe8
Aliases: CVE-2009-2699 |
Faulty error handling was found affecting Solaris pollset support (Event Port backend) caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service. |
Affected by 38 other vulnerabilities. |
|
VCID-a5d5-k9b3-pfbm
Aliases: CVE-2011-3607 |
An integer overflow flaw was found which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. |
Affected by 21 other vulnerabilities. |
|
VCID-bay7-x8bk-dqf6
Aliases: CVE-2009-1956 |
An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service. |
Affected by 42 other vulnerabilities. |
|
VCID-cjbk-v93c-hyav
Aliases: CVE-2009-3560 |
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. |
Affected by 31 other vulnerabilities. |
|
VCID-cqpz-3xpm-4fhz
Aliases: CVE-2009-0023 |
A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine. |
Affected by 42 other vulnerabilities. |
|
VCID-cqqz-reed-qqfx
Aliases: CVE-2012-3499 |
Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. |
Affected by 15 other vulnerabilities. Affected by 40 other vulnerabilities. |
|
VCID-cqrd-ejej-uqe9
Aliases: CVE-2010-1623 |
A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service. |
Affected by 31 other vulnerabilities. |
|
VCID-ddvz-xmkg-fkda
Aliases: CVE-2013-5704 |
HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior. |
Affected by 9 other vulnerabilities. Affected by 33 other vulnerabilities. |
|
VCID-decx-ng47-vfcr
Aliases: CVE-2009-3720 |
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM. |
Affected by 31 other vulnerabilities. |
|
VCID-dfj9-cqxy-f3ha
Aliases: CVE-2013-1896 |
Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. |
Affected by 15 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
VCID-dvvr-yvra-dqfq
Aliases: CVE-2017-3169 |
mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. |
Affected by 1 other vulnerability. Affected by 32 other vulnerabilities. |
|
VCID-ea9w-665t-67cx
Aliases: CVE-2017-7679 |
Affected by 1 other vulnerability. Affected by 32 other vulnerabilities. |
|
|
VCID-exfa-m9xw-wkap
Aliases: CVE-2009-1955 |
A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine. |
Affected by 42 other vulnerabilities. |
|
VCID-f4td-t4gd-wygf
Aliases: CVE-2013-1862 |
mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. |
Affected by 15 other vulnerabilities. |
|
VCID-gcts-75xq-2bby
Aliases: CVE-2016-4975 |
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. |
Affected by 6 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-gw95-sjjz-p3ad
Aliases: CVE-2017-9798 |
Affected by 29 other vulnerabilities. |
|
|
VCID-gzkm-x5ue-93dp
Aliases: CVE-2012-0883 |
Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory. |
Affected by 19 other vulnerabilities. Affected by 44 other vulnerabilities. |
|
VCID-kgzj-6hae-nyfk
Aliases: CVE-2013-6438 |
XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn. |
Affected by 13 other vulnerabilities. Affected by 40 other vulnerabilities. |
|
VCID-khbv-4err-1fc7
Aliases: CVE-2009-1890 |
A denial of service flaw was found in the mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. |
Affected by 42 other vulnerabilities. |
|
VCID-marp-9ycj-4kfh
Aliases: CVE-2012-0053 |
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified. |
Affected by 21 other vulnerabilities. |
|
VCID-n12h-fyf6-97cc
Aliases: CVE-2014-0226 |
A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page. |
Affected by 9 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-r7gt-h7wm-qycw
Aliases: CVE-2010-2068 |
An information disclosure flaw was found in mod_proxy_http in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those configurations which trigger the use of proxy worker pools are affected. There was no vulnerability on earlier versions, as proxy pools were not yet introduced. The simplest workaround is to globally configure; SetEnv proxy-nokeepalive 1 |
Affected by 33 other vulnerabilities. |
|
VCID-s8dn-bj4b-g7aj
Aliases: CVE-2014-0098 |
A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM. |
Affected by 13 other vulnerabilities. Affected by 40 other vulnerabilities. |
|
VCID-sfpu-wh3p-6ffv
Aliases: CVE-2010-0425 |
A flaw was found with within mod_isapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using mod_isapi, a remote attacker could send a malicious request to trigger this issue, and as win32 MPM runs only one process, this would result in a denial of service, and potentially allow arbitrary code execution. |
Affected by 35 other vulnerabilities. |
|
VCID-tg1x-bwuc-k3ef
Aliases: CVE-2012-2687 |
Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455. |
Affected by 19 other vulnerabilities. Affected by 42 other vulnerabilities. |
|
VCID-ujpu-7jcp-4bbh
Aliases: CVE-2016-5387 |
HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which has never been registered by IANA. This workaround and patch are documented in the ASF Advisory at asf-httpoxy-response.txt and incorporated in the 2.4.25 and 2.2.32 releases. Note: This is not assigned an httpd severity, as it is a defect in other software which overloaded well-established CGI environment variables, and does not reflect an error in HTTP server software. |
Affected by 6 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-v8ha-n4rz-8qb8
Aliases: CVE-2009-1195 |
A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended. |
Affected by 42 other vulnerabilities. |
|
VCID-vefs-83s5-8fcv
Aliases: CVE-2015-3183 |
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use. |
Affected by 8 other vulnerabilities. Affected by 29 other vulnerabilities. |
|
VCID-vfbs-rr54-e7bu
Aliases: CVE-2016-8743 |
Apache HTTP Server, prior to release 2.4.25 (and 2.2.32), accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated as whitespace and remained in the request field member "the_request", while a bare CR in the request header field name would be honored as whitespace, and a bare CR in the request header field value was retained the input headers array. Implied additional whitespace was accepted in the request line and prior to the ':' delimiter of any request header lines. RFC7230 Section 3.5 calls out some of these whitespace exceptions, and section 3.2.3 eliminated and clarified the role of implied whitespace in the grammer of this specification. Section 3.1.1 requires exactly one single SP between the method and request-target, and between the request-target and HTTP-version, followed immediately by a CRLF sequence. None of these fields permit any (unencoded) CTL character whatsoever. Section 3.2.4 explicitly disallowed any whitespace from the request header field prior to the ':' character, while Section 3.2 disallows all CTL characters in the request header line other than the HTAB character as whitespace. These defects represent a security concern when httpd is participating in any chain of proxies or interacting with back-end application servers, either through mod_proxy or using conventional CGI mechanisms. In each case where one agent accepts such CTL characters and does not treat them as whitespace, there is the possiblity in a proxy chain of generating two responses from a server behind the uncautious proxy agent. In a sequence of two requests, this results in request A to the first proxy being interpreted as requests A + A' by the backend server, and if requests A and B were submitted to the first proxy in a keepalive connection, the proxy may interpret response A' as the response to request B, polluting the cache or potentially serving the A' content to a different downstream user-agent. These defects are addressed with the release of Apache HTTP Server 2.4.25 and coordinated by a new directive; HttpProtocolOptions Strict which is the default behavior of 2.4.25 and later. By toggling from 'Strict' behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow some invalid HTTP/1.1 clients to communicate with the server, but this will reintroduce the possibility of the problems described in this assessment. Note that relaxing the behavior to 'Unsafe' will still not permit raw CTLs other than HTAB (where permitted), but will allow other RFC requirements to not be enforced, such as exactly two SP characters in the request line. |
Affected by 6 other vulnerabilities. Affected by 36 other vulnerabilities. |
|
VCID-w8xk-whq9-8baj
Aliases: CVE-2010-0408 |
mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. |
Affected by 35 other vulnerabilities. |
|
VCID-x5hy-ecvu-g7c2
Aliases: CVE-2010-1452 |
A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated as mod_dav is only affected by requests that are most likely to be authenticated, and mod_cache is only affected if the uncommon "CacheIgnoreURLSessionIdentifiers" directive, introduced in version 2.2.14, is used. |
Affected by 33 other vulnerabilities. |
|
VCID-yte9-8u8p-qqh3
Aliases: CVE-2011-4317 |
An additional exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. |
Affected by 21 other vulnerabilities. |
|
VCID-yuy2-dbmk-93f7
Aliases: CVE-2009-1891 |
A denial of service flaw was found in the mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. |
Affected by 42 other vulnerabilities. |
|
VCID-z7xa-vrkn-t3bj
Aliases: CVE-2011-3368 |
An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/ |
Affected by 21 other vulnerabilities. |
|
VCID-zqh4-yaua-zqb3
Aliases: CVE-2010-0434 |
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the input headers for a subrequest would poison the parent request in two ways, one by modifying the parent request, which might not be intended, and second by leaving pointers to modified header fields in memory allocated to the subrequest scope, which could be freed before the main request processing was finished, resulting in a segfault or in revealing data from another request on threaded servers, such as the worker or winnt MPMs. |
Affected by 35 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-pk83-sfw2-gfc5 | The mod_proxy_balancer provided an administrative interface that could be vulnerable to cross-site request forgery (CSRF) attacks. |
CVE-2007-6420
|
| VCID-z4bh-2y2w-q7f1 | A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. A remote attacker could cause a denial of service or high memory usage. |
CVE-2008-2364
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T08:29:04.311596+00:00 | Apache HTTPD Importer | Affected by | VCID-gw95-sjjz-p3ad | https://httpd.apache.org/security/json/CVE-2017-9798.json | 37.0.0 |
| 2025-07-31T08:29:03.841255+00:00 | Apache HTTPD Importer | Affected by | VCID-6ak5-ayqx-z3g2 | https://httpd.apache.org/security/json/CVE-2017-9788.json | 37.0.0 |
| 2025-07-31T08:29:03.429746+00:00 | Apache HTTPD Importer | Affected by | VCID-ea9w-665t-67cx | https://httpd.apache.org/security/json/CVE-2017-7679.json | 37.0.0 |
| 2025-07-31T08:29:02.941704+00:00 | Apache HTTPD Importer | Affected by | VCID-dvvr-yvra-dqfq | https://httpd.apache.org/security/json/CVE-2017-3169.json | 37.0.0 |
| 2025-07-31T08:29:02.516238+00:00 | Apache HTTPD Importer | Affected by | VCID-5n84-u3mu-nqcg | https://httpd.apache.org/security/json/CVE-2017-3167.json | 37.0.0 |
| 2025-07-31T08:29:02.121013+00:00 | Apache HTTPD Importer | Affected by | VCID-vfbs-rr54-e7bu | https://httpd.apache.org/security/json/CVE-2016-8743.json | 37.0.0 |
| 2025-07-31T08:29:01.681477+00:00 | Apache HTTPD Importer | Affected by | VCID-ujpu-7jcp-4bbh | https://httpd.apache.org/security/json/CVE-2016-5387.json | 37.0.0 |
| 2025-07-31T08:29:01.259248+00:00 | Apache HTTPD Importer | Affected by | VCID-gcts-75xq-2bby | https://httpd.apache.org/security/json/CVE-2016-4975.json | 37.0.0 |
| 2025-07-31T08:29:00.611632+00:00 | Apache HTTPD Importer | Affected by | VCID-vefs-83s5-8fcv | https://httpd.apache.org/security/json/CVE-2015-3183.json | 37.0.0 |
| 2025-07-31T08:29:00.004771+00:00 | Apache HTTPD Importer | Affected by | VCID-214y-hytk-t7ca | https://httpd.apache.org/security/json/CVE-2014-0231.json | 37.0.0 |
| 2025-07-31T08:28:59.681728+00:00 | Apache HTTPD Importer | Affected by | VCID-n12h-fyf6-97cc | https://httpd.apache.org/security/json/CVE-2014-0226.json | 37.0.0 |
| 2025-07-31T08:28:59.352966+00:00 | Apache HTTPD Importer | Affected by | VCID-2zhx-6a6f-2uf4 | https://httpd.apache.org/security/json/CVE-2014-0118.json | 37.0.0 |
| 2025-07-31T08:28:58.987716+00:00 | Apache HTTPD Importer | Affected by | VCID-s8dn-bj4b-g7aj | https://httpd.apache.org/security/json/CVE-2014-0098.json | 37.0.0 |
| 2025-07-31T08:28:58.687949+00:00 | Apache HTTPD Importer | Affected by | VCID-kgzj-6hae-nyfk | https://httpd.apache.org/security/json/CVE-2013-6438.json | 37.0.0 |
| 2025-07-31T08:28:58.353899+00:00 | Apache HTTPD Importer | Affected by | VCID-ddvz-xmkg-fkda | https://httpd.apache.org/security/json/CVE-2013-5704.json | 37.0.0 |
| 2025-07-31T08:28:58.018155+00:00 | Apache HTTPD Importer | Affected by | VCID-dfj9-cqxy-f3ha | https://httpd.apache.org/security/json/CVE-2013-1896.json | 37.0.0 |
| 2025-07-31T08:28:57.706153+00:00 | Apache HTTPD Importer | Affected by | VCID-f4td-t4gd-wygf | https://httpd.apache.org/security/json/CVE-2013-1862.json | 37.0.0 |
| 2025-07-31T08:28:57.325908+00:00 | Apache HTTPD Importer | Affected by | VCID-4et5-418x-5qga | https://httpd.apache.org/security/json/CVE-2012-4558.json | 37.0.0 |
| 2025-07-31T08:28:56.961676+00:00 | Apache HTTPD Importer | Affected by | VCID-cqqz-reed-qqfx | https://httpd.apache.org/security/json/CVE-2012-3499.json | 37.0.0 |
| 2025-07-31T08:28:56.714840+00:00 | Apache HTTPD Importer | Affected by | VCID-tg1x-bwuc-k3ef | https://httpd.apache.org/security/json/CVE-2012-2687.json | 37.0.0 |
| 2025-07-31T08:28:56.479850+00:00 | Apache HTTPD Importer | Affected by | VCID-gzkm-x5ue-93dp | https://httpd.apache.org/security/json/CVE-2012-0883.json | 37.0.0 |
| 2025-07-31T08:28:56.184071+00:00 | Apache HTTPD Importer | Affected by | VCID-marp-9ycj-4kfh | https://httpd.apache.org/security/json/CVE-2012-0053.json | 37.0.0 |
| 2025-07-31T08:28:55.764919+00:00 | Apache HTTPD Importer | Affected by | VCID-7jx2-zgdg-vbbr | https://httpd.apache.org/security/json/CVE-2012-0031.json | 37.0.0 |
| 2025-07-31T08:28:55.470833+00:00 | Apache HTTPD Importer | Affected by | VCID-yte9-8u8p-qqh3 | https://httpd.apache.org/security/json/CVE-2011-4317.json | 37.0.0 |
| 2025-07-31T08:28:55.174152+00:00 | Apache HTTPD Importer | Affected by | VCID-a5d5-k9b3-pfbm | https://httpd.apache.org/security/json/CVE-2011-3607.json | 37.0.0 |
| 2025-07-31T08:28:54.660389+00:00 | Apache HTTPD Importer | Affected by | VCID-z7xa-vrkn-t3bj | https://httpd.apache.org/security/json/CVE-2011-3368.json | 37.0.0 |
| 2025-07-31T08:28:54.065588+00:00 | Apache HTTPD Importer | Affected by | VCID-39rt-392b-5bey | https://httpd.apache.org/security/json/CVE-2011-3192.json | 37.0.0 |
| 2025-07-31T08:28:53.668591+00:00 | Apache HTTPD Importer | Affected by | VCID-8adb-pxka-97gq | https://httpd.apache.org/security/json/CVE-2011-0419.json | 37.0.0 |
| 2025-07-31T08:28:53.482088+00:00 | Apache HTTPD Importer | Affected by | VCID-6mta-wrjq-rffu | https://httpd.apache.org/security/json/CVE-2010-2791.json | 37.0.0 |
| 2025-07-31T08:28:53.410801+00:00 | Apache HTTPD Importer | Affected by | VCID-r7gt-h7wm-qycw | https://httpd.apache.org/security/json/CVE-2010-2068.json | 37.0.0 |
| 2025-07-31T08:28:53.194892+00:00 | Apache HTTPD Importer | Affected by | VCID-cqrd-ejej-uqe9 | https://httpd.apache.org/security/json/CVE-2010-1623.json | 37.0.0 |
| 2025-07-31T08:28:52.835032+00:00 | Apache HTTPD Importer | Affected by | VCID-x5hy-ecvu-g7c2 | https://httpd.apache.org/security/json/CVE-2010-1452.json | 37.0.0 |
| 2025-07-31T08:28:52.481779+00:00 | Apache HTTPD Importer | Affected by | VCID-zqh4-yaua-zqb3 | https://httpd.apache.org/security/json/CVE-2010-0434.json | 37.0.0 |
| 2025-07-31T08:28:52.144012+00:00 | Apache HTTPD Importer | Affected by | VCID-sfpu-wh3p-6ffv | https://httpd.apache.org/security/json/CVE-2010-0425.json | 37.0.0 |
| 2025-07-31T08:28:51.947810+00:00 | Apache HTTPD Importer | Affected by | VCID-w8xk-whq9-8baj | https://httpd.apache.org/security/json/CVE-2010-0408.json | 37.0.0 |
| 2025-07-31T08:28:51.551395+00:00 | Apache HTTPD Importer | Affected by | VCID-decx-ng47-vfcr | https://httpd.apache.org/security/json/CVE-2009-3720.json | 37.0.0 |
| 2025-07-31T08:28:51.188264+00:00 | Apache HTTPD Importer | Affected by | VCID-cjbk-v93c-hyav | https://httpd.apache.org/security/json/CVE-2009-3560.json | 37.0.0 |
| 2025-07-31T08:28:50.858358+00:00 | Apache HTTPD Importer | Affected by | VCID-7f2z-4x67-hqfw | https://httpd.apache.org/security/json/CVE-2009-3095.json | 37.0.0 |
| 2025-07-31T08:28:50.531832+00:00 | Apache HTTPD Importer | Affected by | VCID-17dn-vnzu-eugr | https://httpd.apache.org/security/json/CVE-2009-3094.json | 37.0.0 |
| 2025-07-31T08:28:50.333806+00:00 | Apache HTTPD Importer | Affected by | VCID-95jg-yyn8-pqe8 | https://httpd.apache.org/security/json/CVE-2009-2699.json | 37.0.0 |
| 2025-07-31T08:28:50.124690+00:00 | Apache HTTPD Importer | Affected by | VCID-2h74-w9ra-wbf7 | https://httpd.apache.org/security/json/CVE-2009-2412.json | 37.0.0 |
| 2025-07-31T08:28:49.931286+00:00 | Apache HTTPD Importer | Affected by | VCID-bay7-x8bk-dqf6 | https://httpd.apache.org/security/json/CVE-2009-1956.json | 37.0.0 |
| 2025-07-31T08:28:49.858577+00:00 | Apache HTTPD Importer | Affected by | VCID-exfa-m9xw-wkap | https://httpd.apache.org/security/json/CVE-2009-1955.json | 37.0.0 |
| 2025-07-31T08:28:49.658474+00:00 | Apache HTTPD Importer | Affected by | VCID-yuy2-dbmk-93f7 | https://httpd.apache.org/security/json/CVE-2009-1891.json | 37.0.0 |
| 2025-07-31T08:28:49.474032+00:00 | Apache HTTPD Importer | Affected by | VCID-khbv-4err-1fc7 | https://httpd.apache.org/security/json/CVE-2009-1890.json | 37.0.0 |
| 2025-07-31T08:28:49.401185+00:00 | Apache HTTPD Importer | Affected by | VCID-v8ha-n4rz-8qb8 | https://httpd.apache.org/security/json/CVE-2009-1195.json | 37.0.0 |
| 2025-07-31T08:28:49.296436+00:00 | Apache HTTPD Importer | Affected by | VCID-cqpz-3xpm-4fhz | https://httpd.apache.org/security/json/CVE-2009-0023.json | 37.0.0 |
| 2025-07-31T08:28:49.111900+00:00 | Apache HTTPD Importer | Affected by | VCID-1r9x-9cx9-3far | https://httpd.apache.org/security/json/CVE-2008-2939.json | 37.0.0 |
| 2025-07-31T08:28:48.934329+00:00 | Apache HTTPD Importer | Fixing | VCID-z4bh-2y2w-q7f1 | https://httpd.apache.org/security/json/CVE-2008-2364.json | 37.0.0 |
| 2025-07-31T08:28:48.627808+00:00 | Apache HTTPD Importer | Affected by | VCID-95dj-xyyq-f3d1 | https://httpd.apache.org/security/json/CVE-2008-0456.json | 37.0.0 |
| 2025-07-31T08:28:48.172672+00:00 | Apache HTTPD Importer | Fixing | VCID-pk83-sfw2-gfc5 | https://httpd.apache.org/security/json/CVE-2007-6420.json | 37.0.0 |