175.123.253.67
{
"scan_id": 1751128375,
"ip": "175.123.253.67",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "175.123.252.0/22",
"postal_code": "037",
"coordinates": {
"latitude": "37.5551",
"longitude": "126.9369"
},
"geo_point": "37.5551, 126.9369",
"locale_code": "en",
"continent": "Asia",
"country_code": "KR",
"country_name": "South Korea",
"city": "Seodaemun-gu"
},
"location_updated_at": "2025-06-29T00:42:25Z",
"asn": {
"number": "AS9318",
"organization": "SK Broadband Co Ltd",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "175.112.0.0/12",
"organization": "SK Broadband Co Ltd",
"descr": "SK Broadband Co Ltd",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-12-09T19:03:46Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-06-29T00:42:25Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-06-29T01:30:20Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-06-29T00:42:25Z"
}
],
"services": [
{
"port": 22,
"protocol": "tcp",
"name": "ssh",
"version": "5.3",
"product": "OpenSSH",
"extra_info": "protocol 2.0",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:openbsd:openssh:5.3",
"part": "a",
"vendor": "openbsd",
"product": "openssh",
"version": "5\\.3",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"ssh": {
"banner": "SSH-2.0-OpenSSH_5.3",
"client_to_server_ciphers": [
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"arcfour256",
"arcfour128",
"aes128-cbc",
"3des-cbc",
"blowfish-cbc",
"cast128-cbc",
"aes192-cbc",
"aes256-cbc",
"arcfour",
"[email protected]"
],
"client_to_server_compression": [
"none",
"[email protected]"
],
"client_to_server_macs": [
"hmac-md5",
"hmac-sha1",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-ripemd160",
"[email protected]",
"hmac-sha1-96",
"hmac-md5-96"
],
"host_key_algorithms": [
"ssh-rsa",
"ssh-dss"
],
"kex_algorithms": [
"diffie-hellman-group-exchange-sha256",
"diffie-hellman-group-exchange-sha1",
"diffie-hellman-group14-sha1",
"diffie-hellman-group1-sha1"
],
"key": {
"algorithm": "ssh-rsa",
"fingerprint_sha256": "db78967ac46a060e559d4e1a72b1c3330ba097659de228d62774924b448c01d2",
"raw": "AAAAB3NzaC1yc2EAAAABIwAAAQEApcgaqMkY7C8OeFGMLJbQKdFVGRh8lbq746zxnbtKCFVJmX4EzuIpRp7tp7W7WwQ4L0HMoeXL2QTk0rAv+oqHWlIjeSEFaN03+/ADLzTv43y8LLXU3HHyb5fmHaEec0TmsNurFyFX7wefW6a/Vi0zgTtb1VkYlR9CAmI0iFlJOg673XNBtNovTwWW/V/jJDsODZxW8P1Hu708+hn2Gmb2aNiqbctUhxVcKq+mh6vvNWKmXlprp6DfLu5yH3/A8Hm8/JWjhZg65lSMFVw4zwo8PCJiFPvIl2najnOchHc5aCdbLN1NoWzCrfMgvVtXNsKtWwhUUXfPpXUsVooIExtCrw=="
},
"server_to_client_ciphers": [
"aes128-ctr",
"aes192-ctr",
"aes256-ctr",
"arcfour256",
"arcfour128",
"aes128-cbc",
"3des-cbc",
"blowfish-cbc",
"cast128-cbc",
"aes192-cbc",
"aes256-cbc",
"arcfour",
"[email protected]"
],
"server_to_client_compression": [
"none",
"[email protected]"
],
"server_to_client_macs": [
"hmac-md5",
"hmac-sha1",
"[email protected]",
"hmac-sha2-256",
"hmac-sha2-512",
"hmac-ripemd160",
"[email protected]",
"hmac-sha1-96",
"hmac-md5-96"
],
"software": "OpenSSH_5.3",
"version": "2.0"
}
},
"cve": [
{
"id": "CVE-2007-2768",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2008-3844",
"score": 9.3,
"severity": "high"
},
{
"id": "CVE-2010-4478",
"score": 7.5,
"severity": "high"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-26T04:09:51.998Z"
},
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "2.2.15",
"product": "Apache httpd",
"extra_info": "(CentOS)",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.2.15",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.2\\.15",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": " <!doctype html>\r\n<html lang=\"kr\">\r\n<head>\r\n\t<meta charset=\"UTF-8\">\r\n\t<title>LinkAid</title>\r\n\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\">\r\n\t<meta name=\"naver-site-verification\" content=\"1f1ebbfe26381d0874f24738d9aa7c65b85997a5\"/>\r\n\t<meta name=\"description\" content=\"링크에이드,linkaid,cpa 광고, 바이럴마케팅, 온라인광고, 종합광고대행, 블로그로 돈버는법\"></meta>\r\n\t<link rel=\"shortcut icon\" type=\"image/x-icon\" href=\"/linkaid.ico\">\r\n\t<link rel=\"stylesheet\" href=\"/css/import.css\">\r\n\t<link rel=\"stylesheet\" href=\"/css/adoo.css\">\r\n\t<script type=\"text/javascript\" src=\"/js/jquery-1.8.3.min.js\"></script>\r\n\t<script src=\"/js/jquery-ui.1.12.0.js\"></script>\r\n</head>\r\n<body>\r\n\r\n<div class=\"login_container\">\r\n\t<form id=\"login_form\">\r\n\t\t<input name=\"cmd\" type=\"hidden\" value=\"login\" />\r\n\t\t<input name=\"url\" type=\"hidden\" value=\"\" />\t\t\r\n\r\n\t\t<p class=\"login_title\"><!-- ADoo --><img src=\"/images/index_logo.jpg\" alt=\"LINKAID\"></p>\r\n\t\t<div class=\"login_box\">\r\n\t\t\t<label class=\"login_box_label\"><input name=\"login_type\" type=\"radio\" value=\"A\" /> 광고주</label>\r\n\t\t\t<label class=\"login_box_label\"><input name=\"login_type\" type=\"radio\" value=\"M\" checked /> 마케터</label>\r\n\t\t\t<div class=\"login_input_box\">\r\n\t\t\t\t<input name=\"uid\" type=\"text\" value=\"\" placeholder=\"이메일 주소\" onKeyDown=\"EnterPw();\" />\r\n\t\t\t\t<input name=\"upass\" type=\"password\" placeholder=\"비밀번호\" onKeyDown=\"EnterPw();\" />\r\n\t\t\t</div>\t\t\t\r\n\t\t\t<input name=\"login\" type=\"button\" value=\"로그인\" class=\"login_btn\" />\r\n\t\t\t<ul class=\"login_sub_box\">\r\n\t\t\t\t<li><label><input name=\"id_save\" type=\"checkbox\" value=\"Y\" /> 이메일저장</label></li>\r\n\t\t\t\t<li style=\"padding-top: 20px; border-top: 1px solid #e6e6e6; margin-top: 50px; width: 100%;\">\r\n\t\t\t\t\t<a href=\"/member/mem_join?cmd=mem_find\">아이디</a> / \r\n\t\t\t\t\t<a href=\"/member/mem_join?cmd=mem_pass_find\">비밀번호 찾기</a> \r\n\t\t\t\t\t<span style=\"padding:0 10px 0 10px\"> | </span> \r\n\t\t\t\t\t<a href=\"/member/mem_join\">회원가입</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t<div style=\"clear:both;\"></div>\r\n\t\t\t</ul>\r\n\t\t</div>\r\n\t</form>\r\n\r\n\t<div class=\"login_copyright\">Copyright LINKAID 2019</div>\r\n\t<div id=\"feedback\"></div>\r\n</div>\r\n\r\n</body>\r\n</html>\r\n\r\n<script type=\"text/javascript\">\r\n<!--\r\n\t$(function(){\r\n\t\t$(\".login_btn\").on(\"click\", function(){\r\n\t\t\tif($(\"input[name='uid']\").val() == ''){\r\n\t\t\t\talert('이메일 주소를 입력 해주세요.');\r\n\t\t\t\t$(\"input[name='uid']\").focus();\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif($(\"input[name='upass']\").val() == ''){\r\n\t\t\t\talert('비밀번호를 입력 해주세요.');\r\n\t\t\t\t$(\"input[name='upass']\").focus();\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\r\n\t\t\t$.ajax({\r\n\t\t\t\ttype : \"POST\"\r\n\t\t\t\t, url : \"/member/login\"\r\n\t\t\t\t, data : $(\"#login_form\").serialize()\r\n\t\t\t\t, success : function(html) {\r\n\t\t\t\t\t$(\"#feedback\").html(html);\r\n\t\t\t\t}\r\n\t\t\t});\r\n\t\t});\r\n\t});\r\n\r\n\tvar EnterPw = function(){\r\n\t\tif(event.keyCode==13) {\r\n\t\t\tif($(\"input[name='uid']\").val() == ''){\r\n\t\t\t\talert('이메일 주소를 입력 해주세요.');\r\n\t\t\t\t$(\"input[name='uid']\").focus();\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif($(\"input[name='upass']\").val() == ''){\r\n\t\t\t\talert('비밀번호를 입력 해주세요.');\r\n\t\t\t\t$(\"input[name='upass']\").focus();\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\r\n\t\t\t$.ajax({\r\n\t\t\t\ttype : \"POST\"\r\n\t\t\t\t, url : \"/member/login\"\r\n\t\t\t\t, data : $(\"#login_form\").serialize()\r\n\t\t\t\t, success : function(html) {\r\n\t\t\t\t\t$(\"#feedback\").html(html);\r\n\t\t\t\t}\r\n\t\t\t});\r\n\t\t}\r\n\t}\r\n//-->\r\n</script>\r\n\r\n\r\n<!-- 팝업 -->\r\n<style>\r\n\t.popup_common { position:absolute; z-index:1000; border:2px solid #ccc; box-shadow:3px 3px 3px #555; }\r\n\t.pop_btn_area { position:absolute; width:100%; bottom:0; padding:10px 0; background:#eee; font-size:0.9em; overflow:hidden; }\r\n\t.pop_btn_area span { float:right; text-align:right;}\r\n\t.btn_today_close { margin-left:10px; padding:5px; border-radius:2px; background:#ff6600; color:#fff; }\r\n\t.btn_now_close { margin-right:10px; padding:5px 10px; border-radius:2px; background:#2b4e88; color:#fff; }\r\n\r\n\t.popup_title { padding:10px 7px; background:#eee; font-size:12px; color:#888; }\r\n\t.popup_title span { float:right; padding:2px 5px; background:#999; font-size:14px; color:#fff; cursor:pointer; }\r\n</style>\r\n<script type=\"text/javascript\">\r\n<!--\r\n\tfunction event_benner_close(n)\r\n\t{\r\n\t\t$(\"#popup_\"+n).hide();\r\n\t}\r\n\r\n\tfunction setCookie( name, value, expiredays )\r\n\t{\r\n\t\tvar todayDate = new Date();\r\n\t\ttodayDate.setDate( todayDate.getDate() + expiredays );\r\n\t\tdocument.cookie = name + \"=\" + escape( value ) + \"; path=/; expires=\" + todayDate.toGMTString() + \";\"\r\n\t}\r\n\r\n\tfunction closeBenner(no)\r\n\t{\r\n\t\tsetCookie(\"popup_div_\"+no, \"view_done\", 1);\r\n\t\tevent_benner_close(no);\r\n\t}\r\n\r\n\t$(document).ready(function(){\r\n\t\tgetCookieData = document.cookie;\r\n\t\tcookieArr = getCookieData.split(';');\r\n\t\tfor(var i=0; i<cookieArr.length; i++)\r\n\t\t{\r\n\t\t\tbenerCookie = cookieArr[i].split('=');\r\n\t\t\tif(benerCookie[1]=='view_done')\r\n\t\t\t{\r\n\t\t\t\tdivNo = benerCookie[0].split('_'); // 팝업 div 번호\r\n\t\t\t\tevent_benner_close(divNo[2]);\r\n\t\t\t\t//break;\r\n\t\t\t}\r\n\t\t}\r\n\t});\r\n//-->\r\n</script>\r\n\r\n",
"body_murmur": 1180546255,
"body_sha256": "7ac21b71b2f6d85ee9677db7d681703dd8816b0ee2528e863e32b8cd532516f3",
"component": [
"CentOS",
"Apache HTTP Server:2.2.15"
],
"content_length": 4998,
"favicon": {
"md5_hash": "d255f4ce50fb9b8f9ac2f58e2a49734c",
"murmur_hash": 1071933036,
"path": "http://175.123.253.67:80/linkaid.ico",
"size": 2497
},
"headers": {
"cache_control": [
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
],
"content_length": [
"4998"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Sat, 28 Jun 2025 17:39:56 GMT"
],
"expires": [
"Thu, 19 Nov 1981 08:52:00 GMT"
],
"pragma": [
"no-cache"
],
"server": [
"Apache/2.2.15 (CentOS)"
],
"set_cookie": [
"PHPSESSID=p6rctbblll1j8pkgjrkm7oe4f5; path=/"
],
"x_powered_by": [
"PHP/5.6.40"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "175.123.253.67",
"path": "",
"scheme": "http"
}
},
"status_code": 200,
"title": "LinkAid"
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2008-0455",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2009-3560",
"score": 5,
"severity": "medium"
}
],
"url": "http://175.123.253.67/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-28T17:39:55.82Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "http",
"version": "2.2.15",
"product": "Apache httpd",
"extra_info": "(CentOS)",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.2.15",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.2\\.15",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE html>\r\n<html lang=\"ko\">\r\n\r\n<head>\r\n\t<meta charset=\"utf-8\">\r\n\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, , maximum-scale=1, minimum-scale=1, user-scalable=no, viewport-fit=cover\">\r\n\r\n\t<!-- mobile : 브라우저 색상 변경 #0994ef [written by bhh] -->\r\n\t<meta name=\"theme-color\" content=\"#0994ef\">\r\n\r\n\t\t<meta property=\"og:title\" content=\"우리집 이사, 청소엔 모두이사\" />\r\n\t<meta property=\"og:image\" content=\"https://175.123.253.67/v2/images/default_og_image.jpg\">\r\n\t<meta property=\"og:description\" content=\"정식허가업체정보, 후기, 평가등급을 한눈에 확인하고 무료 견적 비교하자\" />\r\n\t<meta property=\"og:url\" content=\"http://modoo24.net\" />\r\n\t<meta name=\"description\" content=\"정식허가업체정보, 후기, 평가등급을 한눈에 확인하고 무료 견적 비교하자\">\r\n\t\t<meta name=\"author\" content=\"모두이사\">\r\n\t<meta name=\"keywords\" content=\"이사,포장이사,비대면이사,비대면\">\r\n\t<meta name=\"format-detection\" content=\"telephone=no, address=no, email=no\">\r\n\r\n\t<meta http-equiv=\"Content-Security-Policy\" content=\"upgrade-insecure-requests\">\r\n\r\n\t<meta name=\"csrf-token\" content=\"Z5FPJGN9cU9d27fni2w24lcwA64UToBptefEbnjN\">\r\n\r\n\t<title>모두이사</title>\r\n\r\n\t<link rel=\"shortcut icon\" href=\"/modoo24.ico\">\r\n\r\n\t<!-- Latest compiled and minified CSS -->\r\n\t<link rel=\"stylesheet\" href=\"https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css\" integrity=\"sha384-HSMxcRTRxnN+Bdg0JdbxYKrThecOKuH5zCYotlSAcp1+c8xmyTe9GYg1l9a69psu\" crossorigin=\"anonymous\">\r\n\r\n\t<!-- Optional theme -->\r\n\t<link rel=\"stylesheet\" href=\"https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap-theme.min.css\" integrity=\"sha384-6pzBo3FDv/PJ8r2KRkGHifhEocL+1X2rVCTTkUfGk7/0pbek5mMa1upzvWbrUbOZ\" crossorigin=\"anonymous\">\r\n\r\n\r\n\r\n\t<script type=\"text/javascript\" src=\"https://code.jquery.com/jquery-latest.min.js\"></script>\r\n\t<script src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js\"></script>\r\n\r\n\r\n\r\n\t<!-- Fonts and icons -->\r\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"https://fonts.googleapis.com/css?family=Roboto:300,400,500,700|Roboto+Slab:400,700|Material+Icons\" />\r\n\t<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/font-awesome/latest/css/font-awesome.min.css\">\r\n\t<!-- CSS Files -->\r\n\t<link href=\"/v1/css/material-kit.css?v=2.0.7\" rel=\"stylesheet\" />\r\n\t<!-- CSS Just for demo purpose, don't include it in your project -->\r\n\t<link href=\"/v1/css/demo.css\" rel=\"stylesheet\" />\r\n\t<link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css\" integrity=\"sha512-1PKOgIY59xJ8Co8+NE6FZ+LOAZKjy+KY8iq0G4B3CyeY6wYHN3yt9PW0XpSriVlkMXe40PTKnXrLnZ9+fkDaog==\" crossorigin=\"anonymous\" referrerpolicy=\"no-referrer\" />\r\n\r\n\r\n\r\n\r\n\t<script src=\"https://unpkg.com/[email protected]/dist/js/bootstrap-datepicker.js\"></script>\r\n\t<link rel=\"stylesheet\" href=\"https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/1.9.0/css/bootstrap-datepicker3.min.css\" integrity=\"sha512-rxThY3LYIfYsVCWPCW9dB0k+e3RZB39f23ylUYTEuZMDrN/vRqLdaCBo/FbvVT6uC2r0ObfPzotsfKF9Qc5W5g==\" crossorigin=\"anonymous\" referrerpolicy=\"no-referrer\" />\r\n\t<script src=\"https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/1.9.0/locales/bootstrap-datepicker.ko.min.js\" integrity=\"sha512-L4qpL1ZotXZLLe8Oo0ZyHrj/SweV7CieswUODAAPN/tnqN3PA1P+4qPu5vIryNor6HQ5o22NujIcAZIfyVXwbQ==\" crossorigin=\"anonymous\" referrerpolicy=\"no-referrer\"></script>\r\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"/v1/css/main_ct.css?v=20250331\" />\r\n\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"/v1/css/common.css?v=20250331\" />\r\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"/v1/css/font.css?v=20250331\" />\r\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"/v1/css/main_popup.css?v=20250331\" />\r\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"/community/assets/css/defaultfont.css?v=20250331\" />\r\n\r\n\t<!-- Core JS Files 메뉴 -->\r\n\t<script src=\"/v1/js/core/popper.min.js\" type=\"text/javascript\"></script>\r\n\t<script src=\"/v1/js/core/bootstrap-material-design.min.js\" type=\"text/javascript\"></script>\r\n\t<!-- Control Center for Material Kit: parallax effects, scripts for the example pages etc -->\r\n\r\n\t\t<!-- 홈에 clse tag 안맞는 현상으로 스크립트 죽임 -->\r\n\t<script src=\"/v2/assets/js/material-kit.js?v=2.0.7\" type=\"text/javascript\"></script>\r\n\t\r\n\r\n\r\n\t<!-- handlebar\r\n\t<script src=\"https://cdn.jsdelivr.net/npm/handlebars@latest/dist/handlebars.js\"></script> -->\r\n\t<!-- sweetalert\r\n\t<script src=\"https://cdn.jsdelivr.net/npm/sweetalert2@11\"></script> -->\r\n\t<!-- toast\r\n\t<script src=\"https://cdn.jsdelivr.net/npm/[email protected]/dist/js/iziToast.min.js\" integrity=\"sha256-321PxS+POvbvWcIVoRZeRmf32q7fTFQJ21bXwTNWREY=\" crossorigin=\"anonymous\"></script> -->\r\n\r\n\t<!-- handlebar -->\r\n\t<script src=\"https://fastly.jsdelivr.net/npm/handlebars@latest/dist/handlebars.js\"></script>\r\n\t<!-- sweetalert -->\r\n\t<script src=\"https://fastly.jsdelivr.net/npm/sweetalert2@11\"></script>\r\n\t<!-- toast -->\r\n\t<script src=\"https://fastly.jsdelivr.net/npm/[email protected]/dist/js/iziToast.min.js\" integrity=\"sha256-321PxS+POvbvWcIVoRZeRmf32q7fTFQJ21bXwTNWREY=\" crossorigin=\"anonymous\"></script>\r\n\r\n\r\n\r\n\t<link rel=\"stylesheet\" href=\"/community/assets/stisla/node_modules/izitoast/dist/css/iziToast.min.css\">\r\n\t<!-- swiper -->\r\n\t<link rel=\"stylesheet\" href=\"https://unpkg.com/swiper@7/swiper-bundle.min.css\" />\r\n\t<script src=\"https://unpkg.com/swiper@7/swiper-bundle.min.js\"></script>\r\n\t<!-- custom -->\r\n\t<script src=\"/community/assets/js/default.js?v=20220111150300\"></script>\r\n\r\n\t<script>\r\n\t\t/*************************************\r\n\t\tMenu Area\r\n\t\t*************************************/\r\n\t\t$(\".menu-icon\").click(function() {\r\n\t\t\t$('.menu-area').fadeIn();\r\n\t\t\t$('body').css({\r\n\t\t\t\t\"overflow-y\": \"hidden\",\r\n\t\t\t\t\"height\": \"100%\"\r\n\t\t\t});\r\n\t\t});\r\n\r\n\t\t$(\"#colophon .company-information #footer-navigation ul li:nth-child(3)\").click(function() {\r\n\t\t\t$('.menu-area').fadeIn();\r\n\t\t\t$('body').css({\r\n\t\t\t\t\"overflow-y\": \"hidden\",\r\n\t\t\t\t\"height\": \"100%\"\r\n\t\t\t});\r\n\t\t});\r\n\r\n\t\t$(\".menu-area .close-icon\").click(function() {\r\n\t\t\t$('.menu-area').fadeOut();\r\n\t\t\t$('body').css({\r\n\t\t\t\t\"overflow-y\": \"auto\",\r\n\t\t\t\t\"height\": \"auto\"\r\n\t\t\t});\r\n\t\t});\r\n\t</script>\r\n\r\n\t<!-- 라라벨에서 가져오는 데이터와 슬라이더\r\n<script src=\"/community/newmain.js?v=20221021153900\"></script> \r\n-->\r\n<style>\r\n\t/*\r\n\t.right_menu {\r\n\twidth:40%\r\n\t}/*헤더수정_1101*/\r\n\r\n\t.move_review_item_point { margin-top: 14px; }\r\n</style>\r\n\r\n\t<!-- Google Tag Manager -->\r\n\t<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':\r\n\tnew Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],\r\n\tj=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=\r\n\t'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);\r\n\t})(window,document,'script','dataLayer','GTM-MWJDGCQ');</script>\r\n\t<!-- End Google Tag Manager -->\r\n\r\n\t<!-- naver 공용 스크립트 s -->\r\n\t<script type=\"text/javascript\" src=\"//wcs.naver.net/wcslog.js\"> </script> \r\n\t<script type=\"text/javascript\"> \r\n\t\tif (!wcs_add) var wcs_add={};\r\n\t\twcs_add[\"wa\"] = \"s_3a589317ff16\";\r\n\t\tif (!_nasa) var _nasa={};\r\n\t\tif(window.wcs){\r\n\t\t\twcs.inflow();\r\n\t\t\twcs_do();\r\n\t\t}\r\n\t</script>\r\n\t<!-- naver 공용 스크립트 e -->\r\n</head>\r\n<body>\r\n\r\n \r\n\t<!--pc 및 mobile 메뉴-->\r\n\t<!-- .menu-area start -->\r\n\t<div class=\"menu-area\">\r\n\t\t<div class=\"inner\">\r\n\t\t\t<p class=\"mobile-only site-title\"><a class=\"fmenu_logo gotohome\" href=\"#\"><img src=\"/v1/image/main_N/logo.png\"><span>모두</span></a></p>\r\n\t\t\t<strong>사이트맵</strong>\r\n\t\t\t<span class=\"close-icon\"></span>\r\n\r\n\t\t\t<nav class=\"mobile-only\" id=\"lang-navigation\">\r\n\t\t\t\t<ul class=\"mobile-only\">\r\n\t\t\t\t</ul>\r\n\t\t\t</nav><!-- #lang-navigation -->\r\n\r\n\t\t\t<span class=\"search-icon mobile-only\"></span>\r\n\r\n\t\t\t<nav id=\"sitemap\">\r\n\t\t\t\t<ul>\r\n\t\t\t\t\t<li class=\"main-beyond-build has-children\">\r\n\t\t\t\t\t\t<a href=\"/v1/modoo/service\">모두이사</a>\r\n\t\t\t\t\t\t<ul class=\"sub-menu\">\r\n\t\t\t\t\t\t\t<li><a href=\"/v1/modoo/service\">서비스소개</a></li>\r\n\t\t\t\t\t\t\t<li><a href=\"/v1/modoo/contact_info.php\">방문견적 가이드</a></li>\r\n\t\t\t\t\t\t\t<!-- <li><a href=\"/v1/modoo/ccm.php\">소비자중심경영 CCM</a></li>\r\n\t\t\t\t\t\t\t<li><a href=\"/v1/modoo/untact_info.php\">비대면견적 가이드</a></li> -->\r\n\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li class=\"main-business-area has-children\">\r\n\t\t\t\t\t\t<a href=\"/v2/posts/tip\">커뮤니티</a>\r\n\t\t\t\t\t\t<ul class=\"sub-menu\">\r\n\t\t\t\t\t\t\t<li><a href=\"/v2/posts/tip\">모두 꿀 TIP</a></li>\r\n\t\t\t\t\t\t\t<li><a href=\"/v2/posts/fun\">모두 FUN</a></li>\r\n\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li class=\"main-innovation has-children\">\r\n\t\t\t\t\t\t<a href=\"/community/posts/jisik\">이사지식인</a>\r\n\t\t\t\t\t\t<ul class=\"sub-menu\">\r\n\t\t\t\t\t\t\t<li><a href=\"/community/posts/jisik\">이사지식인</a></li>\r\n\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li class=\"main-esg has-children\">\r\n\t\t\t\t\t\t<a href=\"/v2/event\">이벤트</a>\r\n\t\t\t\t\t\t<ul class=\"sub-menu\">\r\n\t\t\t\t\t\t\t<li><a href=\"/v2/event\">이벤트</a></li>\r\n\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li class=\"main-career has-children\">\r\n\t\t\t\t\t\t<a href=\"/v1/move/review\">후기&평가</a>\r\n\t\t\t\t\t\t<ul class=\"sub-menu\">\r\n\t\t\t\t\t\t\t<li class=\"has-children\">\r\n\t\t\t\t\t\t\t\t<a href=\"/v2/review\">칭찬후기</a>\r\n\t\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t\t<li class=\"has-children\">\r\n\t\t\t\t\t\t\t\t<a href=\"/v2/review/my\">이사업체 칭찬하기</a>\r\n\t\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li class=\"main-about-us has-children\">\r\n\t\t\t\t\t\t<a href=\"/v2/my/request\">이사신청내역</a>\r\n\t\t\t\t\t\t<ul class=\"sub-menu\">\r\n\t\t\t\t\t\t\t<li><a href=\"/v2/my/request\">이사신청내역</a></li>\r\n\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li class=\"main-newsroom has-children\">\r\n\t\t\t\t\t\t<a href=\"/v1/move/custom_business\">파트너제휴</a>\r\n\t\t\t\t\t\t<ul class=\"sub-menu\">\r\n\t\t\t\t\t\t\t<li><a href=\"/v1/move/custom_business\">파트너제휴</a></li>\r\n\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li class=\"main-career has-children\">\r\n\t\t\t\t\t\t<a href=\"/v1/customer/notice\">고객센터</a>\r\n\t\t\t\t\t\t<ul class=\"sub-menu\">\r\n\t\t\t\t\t\t\t<li class=\"has-children\">\r\n\t\t\t\t\t\t\t\t<a href=\"/v1/customer/notice\">모두 뉴스</a>\r\n\t\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t\t<li class=\"has-children\">\r\n\t\t\t\t\t\t\t\t<a href=\"/v1/customer/faq.php\">자주묻는 질문</a>\r\n\t\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t\t<li class=\"has-children\">\r\n\t\t\t\t\t\t\t\t<a href=\"/v1/customer/contact_info.php\">이사정보</a>\r\n\t\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t\t<li onclick=\"viewpopcal()\" class=\"has-children\">\r\n\t\t\t\t\t\t\t\t<a>손없는날<div class=\"ripple-container\"></div><div class=\"ripple-container\"></div></a>\r\n\t\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t</li>\r\n\r\n\t\t\t\t</ul>\r\n\t\t\t</nav>\r\n\t\t\t<!-- #utility-line -->\r\n\t\t\t<p class=\"with-posco mobile-only\"></p><!-- .with-posco -->\r\n\t\t</div><!-- .inner -->\r\n\t</div>\r\n\t<!-- .menu-area end -->\r\n\r\n\r\n\t<header class=\"pc\" id=\"menu_wrap\">\r\n\t\t<div class=\"menu_floor01\">\r\n\t\t\t<div class=\"center pc_top_center\">\r\n\t\t\t\t<a class=\"logoN gotohome\" href=\"#\"><img src=\"/v1/image/main_N/logo.png\"><span>모두</span></a>\r\n\t\t\t\t<div class=\"right_menu\" style=\"width:25%;\">\r\n\t\t\t\t\t<ul class=\"right_menu_list\">\r\n\t\t\t\t\t\t<li>\r\n\t\t\t\t\t\t\t<ul class=\"menu01\">\r\n\t\t\t\t\t\t\t\t<li><a href=\"/v2/my/request\">이사 신청내역</a></li>\r\n\t\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t<li class=\"voc\">\r\n\t\t\t\t\t\t\t<a href=\"/v2/voc/my\">불편접수</a>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t<li>\r\n\t\t\t\t\t\t <span class=\"menu-icon\"></span>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t</ul>\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t\t<div class=\"menu_floor02\">\r\n\t\t\t<ul class=\"left_menu\">\r\n\t\t\t\t<li><a class=\"color_pt\">이사</a></li>\r\n\t\t\t\t<li><a href=\"http://modooclean.com/\">청소</a></li>\r\n\t\t\t\t<li><a href=\"http://internet.linkaid.co.kr/\">인터넷</a></li>\r\n\t\t\t</ul>\r\n\t\t\t<span class=\"menu_line\">|</span>\r\n\t\t\t<!-- <ul class=\"middle_menu\">\r\n\t\t\t\t<li><a class=\"color_pt\" href=\"/v2/posts/tip\"><span class=\"glyphicon glyphicon-paperclip\"></span> 모두꿀TIP</a></li>\r\n\t\t\t\t<li><a class=\"color_pt\" href=\"/v2/posts/fun\">모두FUN</a></li>\r\n\t\t\t</ul>\r\n\t\t\t<span class=\"menu_line\">|</span> -->\r\n\t\t\t<ul class=\"middle_drop\">\r\n\t\t\t\t<li class=\"dropdown\">\r\n\t\t\t\t\t<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\" role=\"button\" aria-haspopup=\"true\" aria-expanded=\"false\">모두이사</a>\r\n\t\t\t\t\t<ul class=\"dropdown-menu\" style=\"left: -20px\">\r\n\t\t\t\t\t\t<li><a href=\"/v1/modoo/service.php\">서비스소개</a></li>\r\n\t\t\t\t\t\t<li><a href=\"/v1/modoo/contact_info.php\">방문견적 가이드</a></li>\r\n\t\t\t\t\t\t<!-- <li><a href=\"/v1/modoo/ccm.php\">소비자중심경영 CCM</a></li>\r\n\t\t\t\t\t\t<li><a href=\"/v1/modoo/untact_info.php\">비대면견적 가이드</a></li> -->\r\n\t\t\t\t\t</ul>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"dropdown\">\r\n\t\t\t\t\t<a href=\"#\" class=\"dropdown-toggle\" data-toggle=\"dropdown\" role=\"button\" aria-haspopup=\"true\" aria-expanded=\"false\">고객센터</a>\r\n\t\t\t\t\t<ul class=\"dropdown-menu\">\r\n\t\t\t\t\t\t<!-- <li><a href=\"/v1/customer/notice\">모두 뉴스</a></li> -->\r\n\t\t\t\t\t\t<li><a href=\"/v1/customer/faq\">자주묻는 질문</a></li>\r\n\t\t\t\t\t\t<li><a href=\"/v1/customer/contact_info\">이사정보</a></li>\r\n\t\t\t\t\t\t<li onclick=\"viewpopcal()\">\r\n\t\t\t\t\t\t\t<a>손없는날\r\n\t\t\t\t\t\t\t\t<div class=\"ripple-container\">\r\n\t\t\t\t\t\t\t\t\t<div class=\"ripple-decorator ripple-on ripple-out\" style=\"left: 62.4584px; top: 12.592px; background-color: rgb(255, 255, 255); transform: scale(20);\"></div>\r\n\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t</ul>\r\n\t\t\t\t</li>\r\n\t\t\t\t<!-- <li class=\"dropdown\">\r\n\t\t\t\t\t<a href=\"/v2/event\" role=\"button\" aria-haspopup=\"true\" aria-expanded=\"false\">이벤트</a>\r\n\t\t\t\t</li> -->\r\n\t\t\t</ul>\r\n\t\t\t<span class=\"menu_line\">|</span>\r\n\t\t\t<ul class=\"menu_tip\">\r\n\t\t\t\t<!-- <li>\r\n\t\t\t\t\t<a href=\"/v2/review\">칭찬후기</a>\r\n\t\t\t\t</li> -->\r\n\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/v2/review/my\">이사업체칭찬하기</a>\r\n\t\t\t\t</li>\r\n\t\t\t</ul>\r\n\t\t\t<span class=\"menu_line\">|</span>\r\n\t\t\t<div>\r\n\t\t\t\t<a class=\"color_bk\" href=\"tel:16007728\">\r\n\t\t\t\t\t<p class=\"service_text\">고객만족 서비스센터</p>\r\n\t\t\t\t\t<p class=\"service_num\"><b>1600-7728</b><p>\r\n\t\t\t\t</a>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t</header>\r\n\t\r\n\t<style>\r\n\t\t@media only screen and (max-width: 959px) {\r\n\t\t\t#m_menu_wrap > .m_floor2 .left_menu { border-right:0; }\r\n\t\t\t#m_menu_wrap > .m_floor2 .left_menu li { margin-right:20px; }\r\n\t\t\t#m_menu_wrap > .m_floor2 { border-bottom:0; }\r\n\t\t}\r\n\t</style>\r\n\r\n\t<div class=\"mobile\">\r\n\t\t<nav class=\"navbar navbar-color-on-scroll fixed-top navbar-expand-lg mobile\" color-on-scroll=\"100\" id=\"sectionsNav\">\r\n\t\t\t<div class=\"container\">\r\n\t\t\t\t<div class=\"navbar-translate\">\r\n\t\t\t\t\t<a class=\"navbar-brand gotohome\" href=\"#\" style=\"margin-left: 0\">\r\n\t\t\t\t\t\t<img src=\"/v1/image/main_N/logo_w.png\" width=\"40\" class=\"d-inline-block align-top\" alt=\"모두이사\">\r\n\t\t\t\t\t</a>\r\n\t\t\t\t\t<div class=\"mtop_btn_set\">\r\n\t\t\t\t\t\t<a href=\"/v1/modoo/contact_info.php\"><button type=\"button\" class=\"btn btn_info\" onclick=\"\"><span class=\"infortxt01\">모두이사</span> <span class=\"infortxt02\">이사 견적</span> <span class=\"infortxt03\">비교 서비스</span></button></a>\r\n\t\t\t\t\t</div>\r\n\r\n\t\t\t\t\t<a class=\"right\" href=\"tel:1600-7728\" style=\"top:12px; right:50px; position: absolute\">\r\n\t\t\t\t\t\t<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"24\" height=\"24\">\r\n\t\t\t\t\t\t\t<path fill=\"none\" d=\"M0 0h24v24H0z\" />\r\n\t\t\t\t\t\t\t<path d=\"M21 16.42v3.536a1 1 0 0 1-.93.998c-.437.03-.794.046-1.07.046-8.837 0-16-7.163-16-16 0-.276.015-.633.046-1.07A1 1 0 0 1 4.044 3H7.58a.5.5 0 0 1 .498.45c.023.23.044.413.064.552A13.901 13.901 0 0 0 9.35 8.003c.095.2.033.439-.147.567l-2.158 1.542a13.047 13.047 0 0 0 6.844 6.844l1.54-2.154a.462.462 0 0 1 .573-.149 13.901 13.901 0 0 0 4 1.205c.139.02.322.042.55.064a.5.5 0 0 1 .449.498z\" fill=\"rgba(255,255,255,1)\" />\r\n\t\t\t\t\t\t</svg>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t\t<button class=\"navbar-toggler\" type=\"button\" data-toggle=\"collapse\" aria-expanded=\"false\" aria-label=\"Toggle navigation\">\r\n\t\t\t\t\t\t<span class=\"sr-only\">토글네비게이션</span>\r\n\t\t\t\t\t\t<span class=\"navbar-toggler-icon\"></span>\r\n\t\t\t\t\t\t<span class=\"navbar-toggler-icon\"></span>\r\n\t\t\t\t\t\t<span class=\"navbar-toggler-icon\"></span>\r\n\t\t\t\t\t</button>\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"collapse navbar-collapse\">\r\n\t\t\t\t\t<ul class=\"navbar-nav ml-auto\">\r\n\t\t\t\t\t\t<li class=\"dropdown nav-item\">\r\n\t\t\t\t\t\t\t<a href=\"#\" class=\"dropdown-toggle nav-link\" data-toggle=\"dropdown\">\r\n\t\t\t\t\t\t\t\t<i class=\"fas fa-truck-moving\"></i> 모두이사\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t<div class=\"dropdown-menu dropdown-with-icons\">\r\n\t\t\t\t\t\t\t\t<a href=\"/v1/modoo/service\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 서비스소개\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t\t<a href=\"/v1/modoo/contact_info.php\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 방문견적 가이드\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t\t<!-- <a href=\"/v1/modoo/ccm.php\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 소비자중심경영 CCM\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t\t<a href=\"/v1/modoo/untact_info.php\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 비대면견적 가이드\r\n\t\t\t\t\t\t\t\t</a> -->\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t<li class=\"dropdown nav-item\">\r\n\t\t\t\t\t\t\t<a href=\"#\" class=\"dropdown-toggle nav-link\" data-toggle=\"dropdown\">\r\n\t\t\t\t\t\t\t\t<i class=\"fas fa-bullhorn\"></i> 커뮤니티\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t<div class=\"dropdown-menu dropdown-with-icons\">\r\n\t\t\t\t\t\t\t\t<a href=\"/v2/posts/tip\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 모두꿀TIP\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t\t<a href=\"/v2/posts/fun\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 모두FUN\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t\t<!--<a href=\"void(0);\" onclick=\"alert('준비중입니다.');return false;\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 우리동네자랑하기\r\n\t\t\t\t\t\t\t\t</a>-->\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t<li class=\"nav-item\">\r\n\t\t\t\t\t\t\t<a class=\"nav-link\" href=\"/community/posts/jisik\">\r\n\t\t\t\t\t\t\t\t<i class=\"fas fa-atlas\"></i> 이사지식인\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t<li class=\"nav-item\">\r\n\t\t\t\t\t\t\t<a class=\"nav-link\" href=\"/v2/event\">\r\n\t\t\t\t\t\t\t\t<i class=\"fas fa-calendar-day\"></i> 이벤트\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t<li class=\"dropdown nav-item\">\r\n\t\t\t\t\t\t\t<a href=\"#\" class=\"dropdown-toggle nav-link\" data-toggle=\"dropdown\">\r\n\t\t\t\t\t\t\t\t<i class=\"fas fa-bullhorn\"></i> 후기&평가\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t<div class=\"dropdown-menu dropdown-with-icons\">\r\n\t\t\t\t\t\t\t\t<a href=\"/v2/review\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 칭찬후기\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t\t<a href=\"/v2/review/my\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i>이사업체칭찬하기\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</li>\r\n\r\n\t\t\t\t\t\t<li class=\"nav-item\">\r\n\t\t\t\t\t\t\t<a class=\"nav-link\" href=\"/v2/my/request\">\r\n\t\t\t\t\t\t\t\t<i class=\"far fa-list-alt\"></i> 이사신청내역\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t</li>\r\n\t\t\t\t\t\t<li class=\"nav-item\">\r\n\t\t\t\t\t\t\t<a class=\"nav-link\" href=\"/v1/move/custom_business\">\r\n\t\t\t\t\t\t\t\t<i class=\"far fa-list-alt\"></i> 파트너제휴\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t</li>\r\n\r\n\t\t\t\t\t\t<li class=\"dropdown nav-item\">\r\n\t\t\t\t\t\t\t<a href=\"#\" class=\"dropdown-toggle nav-link\" data-toggle=\"dropdown\">\r\n\t\t\t\t\t\t\t\t<i class=\"fas fa-user-tag\"></i> 고객센터\r\n\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t<div class=\"dropdown-menu dropdown-with-icons\">\r\n\t\t\t\t\t\t\t\t<!-- <a href=\"/v1/customer/notice\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 모두 뉴스\r\n\t\t\t\t\t\t\t\t</a> -->\r\n\t\t\t\t\t\t\t\t<a href=\"/v1/customer/faq\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 자주묻는 질문\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t\t<a href=\"/v1/customer/contact_info\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 이사정보\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t\t<a onclick=\"viewpopcal()\" class=\"dropdown-item\">\r\n\t\t\t\t\t\t\t\t\t<i class=\"material-icons\">content_paste</i> 손없는날\r\n\t\t\t\t\t\t\t\t\t<div class=\"ripple-container\"></div>\r\n\t\t\t\t\t\t\t\t</a>\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</li>\r\n\r\n\t\t\t\t\t\t\t\t\t\t\t</ul>\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t</nav>\r\n\t\t\r\n\t\t<div id=\"m_menu_wrap\">\r\n\t\t\t<div class=\"m_floor2\">\r\n\t\t\t\t<ul class=\"left_menu\">\r\n\t\t\t\t\t<li><a class=\"color_pt\">이사</a></li>\r\n\t\t\t\t\t<li><a href=\"http://modooclean.com/\" >청소</a></li>\r\n\t\t\t\t\t<li><a href=\"http://internet.linkaid.co.kr/\" >인터넷</a></li>\r\n\t\t\t\t</ul>\r\n\t\t\t\t<ul class=\"right_menu_m\">\r\n\t\t\t\t\t<!-- <li class=\"modalpop_link story\" link=\"/new_common/popup/free_event.html\">\r\n\t\t\t\t\t사연 모집\r\n\t\t\t\t\t</li> -->\r\n\t\t\t\t\t<!--<li>지금 물어보자!</li>-->\r\n\t\t\t\t\t<li class=\"story\" >\r\n\t\t\t\t\t\t<a href=\"/v2/voc/my\">불편접수</a>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t</ul>\r\n\t\t\t</div>\r\n\t\t\t<!-- <ul class=\"m_floor3\"> -->\r\n\t\t\t\t<!-- <li><a href=\"/v2/posts/tip\">모두꿀TIP</a></li>\r\n\t\t\t\t<li><a href=\"/v2/posts/fun\">모두FUN</a></li> -->\r\n\t\t\t\t<!-- <li><a href=\"/v2/review\">이사칭찬후기</a></li> -->\r\n\t\t\t\t<!-- <li><a href=\"/v2/event\"><b>이벤트</b></a></li> -->\r\n\r\n\t\t\t\t<!-- <li><a class=\"color_pt\">이사</a></li>\r\n\t\t\t\t<li><a href=\"http://modooclean.com/\">청소</a></li>\r\n\t\t\t\t<li><a href=\"http://internet.linkaid.co.kr/\">인터넷</a></li>\r\n\t\t\t</ul> -->\r\n\t\t</div>\r\n\t</div>\r\n\t<!--//pc 및 mobile 메뉴-->\r\n\t<!-- content ST -->\r\n\r\n<!--메인배너 221101수정\r\n<section id=\"banner_visual\">\r\n\t<ul>\r\n\t\t<li>\r\n\t\t\t<a class=\"pc\" href=\"javascript:openpopcontact();\"><img src=\"/v1/image/main_N/modoo_main_1_230404.png\"></a>\r\n\t\t\t<a class=\"mobile\" href=\"javascript:openpopcontact();\"><img src=\"/v1/image/main_N/modoo_m_main_1_230404.png\"></a>\r\n\t\t</li>\r\n\t\t<li>\r\n\t\t\t<a class=\"pc\" href=\"http://modooclean.com/\" target=\"_blank\"><img src=\"/v1/image/main_N/modoo_main_2_230404.png\"></a>\r\n\t\t\t<a class=\"mobile\" href=\"http://modooclean.com/\" target=\"_blank\"><img src=\"/v1/image/main_N/modoo_m_main_2_230404.png\"></a>\r\n\t\t</li>\r\n\t</ul>\r\n</section>\r\n-->\r\n\r\n\r\n\r\n\r\n\r\n\r\n<!-- 새로운 견적신청 팝업창 [written by bhh : 2025-04-22] -->\r\n<style>\r\n\t.new-order-pop { display:none; z-index:8888; position:fixed; top:0; left:0; width:100vw; height:100vh; background-color:rgba(0, 0, 0, 0.5); -webkit-backdrop-filter:blur(3px); backdrop-filter:blur(3px); }\r\n\t.new-order-pop select { margin:1px 0; padding:10px; width:100%; border:0; border-radius:5px; background-color:#f6f6f6; font-size:0.8em; }\r\n\t.new-order-pop input { margin:1px 0; padding:10px; width:100%; border:0; border-radius:5px; background-color:#f6f6f6; font-size:0.8em; }\r\n\t.checkbox-basic { width:18px !important; height:18px !important; vertical-align: middle; -webkit-appearance: auto; -moz-appearance: auto; appearance: auto; }\r\n\t.input-80p { width:80% !important; }\r\n\t.new-order-pop-area { margin:2% auto; padding:35px; min-width:550px; width:47%; background-color:#fff; border-radius:15px; box-shadow:0px 0px 20px rgba(0, 0, 0, 0.3); color:#7d7d7d; }\r\n\t.new-order-pop-head { margin-bottom:20px; text-align:center; font-size:0.9em; color:#999; }\r\n\t.new-order-pop-head p { font-size:2.4em; color:#1c8ff8; font-weight:700; letter-spacing:-0.5px; }\r\n\t.new-order-content { display:flex; flex-wrap:wrap; }\r\n\t.new-order-grid-100 { margin:0 2px; width:99%; }\r\n\t.new-order-grid-50 { margin:0 2px; width:49%; }\r\n\t.new-order-content-tit { margin:10px 0 5px 0; font-size:0.8em; font-weight:bold; }\r\n\t.new-order-content-agree { margin:12px 0; font-size:0.8em; text-align:center; }\r\n\t.new-order-btn-1 { margin-left:5px; padding: 8px 10px; border: 0; border-radius: 5px; background-color: #1c8ff8; color: #fff; font-size:0.8em; }\r\n\t.new-order-btn-2 { padding: 8px; width:100%; border: 0; border-radius: 35px; background-color: #1c8ff8; color: #fff; font-size:1.2em; }\r\n\t.new-order-agree-area { margin:15px 0; }\r\n\t.new-order-align-center { text-align:center; }\r\n\t.new-order-content-agree-item { display:inline-block; width:30%; }\r\n\t.new-order-addr50 { margin-right:2px !important; width:49% !important; }\r\n\t\r\n\t#sending_area { display:none; z-index:8889; position:fixed; top:0; left:0; width:100vw; height:100vh; background-color:rgba(0, 0, 0, 0.5); -webkit-backdrop-filter:blur(3px); backdrop-filter:blur(3px); }\r\n\t#sending_area div { margin:18% auto; padding:25px; width:200px; background-color:#fff; border-radius:15px; box-shadow:0px 0px 50px rgba(0, 0, 0, 0.35); color:#7d7d7d; text-align:center; }\r\n\t#sending_area div p { margin-top:5px; }\r\n\r\n\t@media all and (max-width:479px){\r\n\t\t.new-order-pop-area { margin:5%; min-width:90%; width:90%; height: 90%; overflow: auto; }\r\n\t\t.new-order-grid-50 { width:99%; }\r\n\t\t.input-80p { width:60% !important; }\r\n\t\t.new-order-content-agree-item { width:100%; line-height:2.2em; }\r\n\t\t.new-order-content-agree { text-align:left; }\r\n\t\t.new-order-addr50 { margin-right:0 !important; width:100% !important; }\r\n\t\t#sending_area div { margin:35% auto; }\r\n\t}\r\n\r\n\t.zip-area { z-index:10000; position:fixed; top:0; left:0; background-color:#fff; display:none; box-shadow: 0px 0px 30px rgba(0, 0, 0, 0.3); }\r\n\t#btnCloseLayer { position:absolute; z-index:100; right:0; cursor:pointer; }\r\n</style>\r\n\r\n<div id=\"sending_area\">\r\n\t<div>\r\n\t\t<img src=\"/image/walking.gif\" alt=\"waiting...\" />\r\n\t\t<p>견적신청 중 입니다.<br>잠시만 기다려주세요.</p>\r\n\t</div>\r\n</div>\r\n\r\n<section class=\"new-order-pop\">\r\n\t<div class=\"new-order-pop-area\">\r\n\t\t<form id=\"orderRegForm\">\r\n\t\t\t<div class=\"new-order-pop-head\">\r\n\t\t\t\t<p>무료견적 문의</p>\r\n\t\t\t\t좋은 이사업체를 찾는 가장 쉬운 방법\r\n\t\t\t</div>\r\n\t\t\t<ul class=\"new-order-content\">\r\n\t\t\t\t<li class=\"new-order-grid-50\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">이사종류</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<select name=\"kind\" id=\"kind\">\r\n\t\t\t\t\t\t\t<option value=\"\">+ 이사 종류를 선택해주세요.</option>\r\n\t\t\t\t\t\t\t<option value=\"home\">가정이사[방문견적]</option>\r\n\t\t\t\t\t\t\t<option value=\"oneroom\">소형 원룸이사[유선견적]</option>\r\n\t\t\t\t\t\t\t<option value=\"office\">사무실 이사[방문견적] - 사무실 또는 기업이전</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-50\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">이사일</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<input type=\"date\" name=\"date\" id=\"date\" value=\"\" required />\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-50\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">입주청소 유무 (청소업체 연결 받기)</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<select name=\"clean\" id=\"clean\">\r\n\t\t\t\t\t\t\t<option value=\"x\">+ 미선택</option>\r\n\t\t\t\t\t\t\t<option value=\"Y\">+ 필요</option>\r\n\t\t\t\t\t\t\t<option value=\"N\">+ 불필요</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-50\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">인터넷 신규가입 통신사 이동 (최대지원금 48만원) 상담</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<select name=\"internet\" id=\"internet\">\r\n\t\t\t\t\t\t\t<option value=\"x\">+ 미선택</option>\r\n\t\t\t\t\t\t\t<option value=\"Y\">+ 필요</option>\r\n\t\t\t\t\t\t\t<option value=\"N\">+ 불필요</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-100\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">고객명</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<input type=\"text\" name=\"name\" id=\"name\" value=\"\" placeholder=\"이름을 입력해주세요.\" required />\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-100\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">연락처</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<input type=\"number\" name=\"contact\" id=\"contact\" value=\"\" placeholder=\"숫자만 입력해주세요.\" class=\"input-80p\" required />\r\n\t\t\t\t\t\t<button type=\"button\" class=\"new-order-btn-1\">인증번호 전송</button>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li id=\"certification_area\" class=\"new-order-grid-100\" style=\"display:none;\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">인증번호</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<input type=\"number\" name=\"certification\" id=\"certification\" value=\"\" placeholder=\"숫자만 입력해주세요.\" required />\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-100\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">출발지 주소</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<input type=\"text\" name=\"address-from\" id=\"address-from\" class=\"new-order-addr50\" value=\"\" placeholder=\"출발지 주소를 입력해주세요.\" required onclick=\"sample2_execDaumPostcode('start')\" />\r\n\t\t\t\t\t\t<input type=\"text\" name=\"address-detail\" id=\"address-detail\" class=\"new-order-addr50\" value=\"\" placeholder=\"상세주소를 입력해주세요.\" required />\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-100\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">도착지 주소</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<select name=\"address-to-1\" id=\"address-to-1\" class=\"new-order-addr50\">\r\n\t\t\t\t\t\t\t<option value=\"\">시/도 선택</option>\r\n\t\t\t\t\t\t\t<option value=\"서울특별시\">서울특별시</option>\r\n\t\t\t\t\t\t\t<option value=\"부산광역시\">부산광역시</option>\r\n\t\t\t\t\t\t\t<option value=\"인천광역시\">인천광역시</option>\r\n\t\t\t\t\t\t\t<option value=\"대구광역시\">대구광역시</option>\r\n\t\t\t\t\t\t\t<option value=\"대전광역시\">대전광역시</option>\r\n\t\t\t\t\t\t\t<option value=\"광주광역시\">광주광역시</option>\r\n\t\t\t\t\t\t\t<option value=\"울산광역시\">울산광역시</option>\r\n\t\t\t\t\t\t\t<option value=\"세종특별자치시\">세종특별자치시</option>\r\n\t\t\t\t\t\t\t<option value=\"경기도\">경기도</option>\r\n\t\t\t\t\t\t\t<option value=\"충청북도\">충청북도</option>\r\n\t\t\t\t\t\t\t<option value=\"충청남도\">충청남도</option>\r\n\t\t\t\t\t\t\t<option value=\"전라남도\">전라남도</option>\r\n\t\t\t\t\t\t\t<option value=\"경상북도\">경상북도</option>\r\n\t\t\t\t\t\t\t<option value=\"경상남도\">경상남도</option>\r\n\t\t\t\t\t\t\t<option value=\"강원특별자치도\">강원특별자치도</option>\r\n\t\t\t\t\t\t\t<option value=\"전북특별자치도\">전북특별자치도</option>\r\n\t\t\t\t\t\t\t<option value=\"제주특별자치도\">제주특별자치도</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t\t<select name=\"address-to-2\" id=\"address-to-2\" class=\"new-order-addr50\">\r\n\t\t\t\t\t\t\t<option value=\"x\">+ 시/군/구 선택</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-100\">\r\n\t\t\t\t\t<div class=\"new-order-content-tit\">통화가능시간</div>\r\n\t\t\t\t\t<div>\r\n\t\t\t\t\t\t<input type=\"text\" name=\"hp_call_time\" id=\"hp_call_time\" value=\"\" placeholder=\"예) 6시 가능\" />\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li class=\"new-order-grid-100 new-order-agree-area\">\r\n\t\t\t\t\t<div class=\"new-order-content-agree\">\r\n\t\t\t\t\t\t<span class=\"new-order-content-agree-item\">\r\n\t\t\t\t\t\t\t<label>\r\n\t\t\t\t\t\t\t\t<input type=\"checkbox\" name=\"checkbox1\" id=\"checkbox1\" value=\"Y\" class=\"checkbox-basic\" />\r\n\t\t\t\t\t\t\t\t(필수) 개인정보처리방침동의 \r\n\t\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<a href=\"https://modoo24.net/new_common/popup/info_pop.html\" target=\"_blank\" rel=\"noreferrer noopener\">[보기]</a>\r\n\t\t\t\t\t\t</span>\r\n\t\t\t\t\t\t<span class=\"new-order-content-agree-item\">\r\n\t\t\t\t\t\t\t<label>\r\n\t\t\t\t\t\t\t\t<input type=\"checkbox\" name=\"checkbox2\" id=\"checkbox2\" value=\"\" value=\"Y\" class=\"checkbox-basic\" />\r\n\t\t\t\t\t\t\t\t(필수) 제3자정보제공동의 \r\n\t\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<a href=\"https://modoo24.net/new_common/popup/use_pop_02.html\" target=\"_blank\" rel=\"noreferrer noopener\">[보기]</a>\r\n\t\t\t\t\t\t</span>\r\n\t\t\t\t\t\t<span class=\"new-order-content-agree-item\">\r\n\t\t\t\t\t\t\t<label>\r\n\t\t\t\t\t\t\t\t<input type=\"checkbox\" name=\"checkbox3\" id=\"checkbox3\" value=\"\" value=\"Y\" class=\"checkbox-basic\" />\r\n\t\t\t\t\t\t\t\t(선택) 마케팅정보수신동의 \r\n\t\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<a href=\"https://modoo24.net/new_common/popup/mkt_ok.html\" target=\"_blank\" rel=\"noreferrer noopener\">[보기]</a>\r\n\t\t\t\t\t\t</span>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t</ul>\r\n\t\t\t<div class=\"new-order-align-center\">\r\n\t\t\t\t<button type=\"button\" id=\"submit-btn-1\" class=\"new-order-btn-2\">무료견적 신청하기</button>\r\n\t\t\t</div>\r\n\t\t</form>\r\n\t</div>\r\n</section>\r\n\r\n<!-- 주소검색 팝업 -->\r\n<div id=\"zip_area\" class=\"zip-area\">\r\n\t<img src=\"//t1.daumcdn.net/postcode/resource/images/close.png\" id=\"btnCloseLayer\" alt=\"닫기 버튼\">\r\n</div>\r\n\r\n<script>\r\n\tconst regionData = {\r\n\t\t서울특별시 : [\"종로구\", \"중구\", \"용산구\", \"성동구\", \"광진구\", \"동대문구\", \"중랑구\", \"성북구\", \"강북구\", \"도봉구\", \"노원구\", \"은평구\", \"서대문구\", \"마포구\", \"양천구\", \"강서구\", \"구로구\", \"금천구\", \"영등포구\", \"동작구\", \"관악구\", \"서초구\", \"강남구\", \"송파구\",\"강동구\"]\r\n\t\t, 부산광역시 : [\"중구\", \"서구\", \"동구\", \"영도구\", \"부산진구\", \"동래구\", \"남구\", \"북구\", \"해운대구\", \"사하구\", \"금정구\", \"강서구\", \"연제구\", \"수영구\", \"사상구\", \"기장군\"]\r\n\t\t, 대구광역시 : [\"중구\", \"동구\", \"서구\", \"남구\", \"북구\", \"수성구\", \"달서구\", \"달성군\"]\r\n\t\t, 인천광역시 : [\"중구\", \"동구\", \"남구\", \"미추홀구\", \"연수구\", \"남동구\", \"부평구\", \"계양구\", \"서구\", \"강화군\", \"옹진군\"]\r\n\t\t, 광주광역시 : [\"동구\", \"서구\", \"남구\", \"북구\", \"광산구\"]\r\n\t\t, 대전광역시 : [\"동구\", \"중구\", \"서구\", \"유성구\", \"대덕구\"]\r\n\t\t, 울산광역시 : [\"중구\", \"남구\", \"동구\", \"북구\", \"울주군\"]\r\n\t\t, 세종특별자치시 : [\"\"]\r\n\t\t, 경기도 : [\"수원시\", \"성남시\", \"고양시\", \"용인시\", \"부천시\", \"안산시\", \"안양시\", \"남양주시\", \"화성시\", \"평택시\", \"의정부시\", \"시흥시\", \"파주시\", \"광명시\", \"김포시\", \"군포시\", \"광주시\", \"이천시\", \"양주시\", \"오산시\", \"구리시\", \"안성시\", \"포천시\", \"의왕시\", \"하남시\", \"여주시\", \"여주군\", \"양평군\", \"동두천시\", \"과천시\", \"가평군\", \"연천군\"]\r\n\t\t, 강원특별자치도 : [\"춘천시\", \"원주시\", \"강릉시\", \"동해시\", \"태백시\", \"속초시\", \"삼척시\", \"홍천군\", \"횡성군\", \"영월군\", \"평창군\", \"정선군\", \"철원군\", \"화천군\", \"양구군\", \"인제군\", \"고성군\", \"양양군\"]\r\n\t\t, 충청북도 : [\"청주시\", \"충주시\", \"제천시\", \"청원군\", \"보은군\", \"옥천군\", \"영동군\", \"진천군\", \"괴산군\", \"음성군\", \"단양군\", \"증평군\"]\r\n\t\t, 충청남도 : [\"천안시\", \"공주시\", \"보령시\", \"아산시\", \"서산시\", \"논산시\", \"계룡시\", \"당진시\", \"당진군\", \"금산군\", \"연기군\", \"부여군\", \"서천군\", \"청양군\", \"홍성군\", \"예산군\", \"태안군\"]\r\n\t\t, 전북특별자치도 : [\"전주시\", \"군산시\", \"익산시\", \"정읍시\", \"남원시\", \"김제시\", \"완주군\", \"진안군\", \"무주군\", \"장수군\", \"임실군\", \"순창군\", \"고창군\", \"부안군\"]\r\n\t\t, 전라남도 : [\"목포시\", \"여수시\", \"순천시\", \"나주시\", \"광양시\", \"담양군\", \"곡성군\", \"구례군\", \"고흥군\", \"보성군\", \"화순군\", \"장흥군\", \"강진군\", \"해남군\", \"영암군\", \"무안군\", \"함평군\", \"영광군\", \"장성군\", \"완도군\", \"진도군\", \"신안군\"]\r\n\t\t, 경상북도 : [\"포항시\", \"경주시\", \"김천시\", \"안동시\", \"구미시\", \"영주시\", \"영천시\", \"상주시\", \"문경시\", \"경산시\", \"군위군\", \"의성군\", \"청송군\", \"영양군\", \"영덕군\", \"청도군\", \"고령군\", \"성주군\", \"칠곡군\", \"예천군\", \"봉화군\", \"울진군\", \"울릉군\"]\r\n\t\t, 경상남도 : [\"창원시\", \"마산시\", \"진주시\", \"진해시\", \"통영시\", \"사천시\", \"김해시\", \"밀양시\", \"거제시\", \"양산시\", \"의령군\", \"함안군\", \"창녕군\", \"고성군\", \"남해군\", \"하동군\", \"산청군\", \"함양군\", \"거창군\", \"합천군\"]\r\n\t\t, 제주특별자치도 : [\"제주시\", \"서귀포시\", \"북제주군\", \"남제주군\"]\r\n\t}\r\n\r\n\t$(function(){\r\n\t\t$(\".new-order-pop\").on(\"click\", function(e){\r\n\t\t\t// 선택영역 제외 클릭 했을때 창닫기\r\n\t\t\tif ($(e.target).parents('.new-order-pop > div').length < 1) { \r\n\t\t\t\t$(\"#zip_area\").hide(); // 주소검색창 닫기\r\n\t\t\t\t$(this).fadeOut(300); // 닫기\r\n\t\t\t}\r\n\t\t});\r\n\r\n\t\t// 도착지 주소\r\n\t\t$(\"#address-to-1\").on(\"change\", function(){\r\n\t\t\tconst setArea = $(this).val();\r\n\t\t\tconst arrArea = regionData[setArea];\r\n\r\n\t\t\tlet htmlList = '';\r\n\t\t\t$.each(arrArea, function(index, item){\r\n\t\t\t\thtmlList += '<option value=\"' + item + '\">' + item + '</option>';\r\n\t\t\t});\r\n\t\t\t\r\n\t\t\tconst resultHtml = `\r\n\t\t\t\t<option value=\"\">시/군/구 선택</option>\r\n\t\t\t\t${htmlList}\r\n\t\t\t`;\r\n\t\t\t$(\"#address-to-2\").html(resultHtml);\r\n\t\t});\r\n\t});\r\n\r\n\tconst newOrder = () => {\r\n\t\t$(\".new-order-pop\").fadeIn(300);\r\n\t}\r\n</script>\r\n\r\n<script>\r\n\t$(function(){\r\n\t\t// 무료방문견적 신청 버튼 클릭\r\n\t\t$(\"#submit-btn-1\").click(function(){\r\n\t\t\tlet kind = $(\"#kind\").val();\r\n\t\t\tlet clean = $(\"#clean\").val();\r\n\t\t\tlet internet = $(\"#internet\").val();\r\n\t\t\tlet date = $(\"#date\").val();\r\n\t\t\tlet name = $(\"#name\").val();\r\n\t\t\tlet contact = $(\"#contact\").val();\r\n\t\t\tlet certification = $(\"#certification\").val();\r\n\t\t\tlet addr = $(\"#address-from\").val();\r\n\t\t\tlet addr1 = $(\"#address-detail\").val();\r\n\t\t\tlet addr_end = $(\"#address-to-1\").val();\r\n\t\t\tlet addr_end1 = $(\"#address-to-2\").val();\r\n\t\t\tlet hp_call_time = $(\"#hp_call_time\").val();\r\n\r\n\t\t\tif (kind == '') {\r\n\t\t\t\talert('이사종류를 선택해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif (date == '') {\r\n\t\t\t\talert('이사 예정일을 선택 해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif (clean == 'x') {\r\n\t\t\t\talert('입주청소 유무를 선택해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif (internet == 'x') {\r\n\t\t\t\talert('인터넷신규가입통신사이동을 선택해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif (name == '') {\r\n\t\t\t\talert('고객명을 입력 해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif (contact == '') {\r\n\t\t\t\talert('연락처를 입력 해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif (certification == '') {\r\n\t\t\t\talert('인증번호를 입력 해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif (addr == '') {\r\n\t\t\t\talert('출발지 주소를 입력 해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif (addr_end == '') {\r\n\t\t\t\talert('도착지 주소를 선택 해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif ($('#checkbox1').is(':checked') == false) {\r\n\t\t\t\talert('개인정보처리방침동의를 선택 해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\t\t\tif ($('#checkbox2').is(':checked') == false) {\r\n\t\t\t\talert('제3자정보제공동의를 선택 해주세요.');\r\n\t\t\t\treturn;\r\n\t\t\t}\r\n\r\n\t\t\tif (!confirm('신청 하시겠습니까?')) return;\r\n\t\t\t$(\"#sending_area\").show(); // 신청중 레이어 띄우자\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t// 바닐라JS ajax\r\n\t\t\tconst param = \"certification=\" + certification\r\n\t\t\t\t+ \"&kind=\" + kind\r\n\t\t\t\t+ \"&date=\" + date\r\n\t\t\t\t+ \"&clean=\" + clean\r\n\t\t\t\t+ \"&internet=\" + internet\r\n\t\t\t\t+ \"&name=\" + name\r\n\t\t\t\t+ \"&contact=\" + contact\r\n\t\t\t\t+ \"&address-from=\" + addr\r\n\t\t\t\t+ \"&address-detail=\" + addr1\r\n\t\t\t\t+ \"&address-to-1=\" + addr_end\r\n\t\t\t\t+ \"&address-to-2=\" + addr_end1\r\n\t\t\t\t+ \"&hp_call_time=\" + hp_call_time;\r\n\t\t\t\r\n\t\t\tlet xhr = new XMLHttpRequest();\r\n\t\t\txhr.open(\"POST\", \"/controller/contract_modoo\", true); // true: 비동기, false:동기\r\n\t\t\txhr.setRequestHeader(\"Content-Type\", \"application/x-www-form-urlencoded\");\r\n\t\t\txhr.send(param);\r\n\r\n\t\t\t// 바닐라JS ajax 리턴 데이터\r\n\t\t\txhr.addEventListener(\"load\", function(){\r\n\t\t\t\tif (xhr.status === 200) {\r\n\t\t\t\t\t//let jsonObjData = JSON.parse(xhr.responseText); // 리턴값이 json 일때\r\n\t\t\t\t\t//console.log(jsonObjData);\r\n\r\n\t\t\t\t\t// naver 신청완료(lead) script [2025-05-07]\r\n\t\t\t\t\tif (window.wcs) {\r\n\t\t\t\t\t\tif (!wcs_add) var wcs_add = {}\r\n\t\t\t\t\t\twcs_add[\"wa\"] = \"s_3a589317ff16\";\r\n\t\t\t\t\t\tvar _conv = {};\r\n\t\t\t\t\t\t_conv.type = 'lead';\r\n\t\t\t\t\t\twcs.trans(_conv);\r\n\t\t\t\t\t}\r\n\r\n\t\t\t\t\t// naver 전환 script [2025-04-28]\r\n\t\t\t\t\tif (window.wcs) wcs.inflow(\"http://www.modoo24.net\");\r\n\t\t\t\t\twcs_do();\r\n\r\n\t\t\t\t\t$(\"#feedback_simple\").html(xhr.responseText);\r\n\t\t\t\t}\r\n\t\t\t});\r\n\t\t});\r\n\t\t\r\n\t\t// 오늘과 내일 날짜 선택 시 경고창 view\r\n\t\t$(\"#date\").on(\"change\", function(){\r\n\t\t\tlet setDate = $(this).val();\r\n\t\t\tlet chkDate1 = '2025-06-28';\r\n\t\t\tlet chkDate2 = '2025-06-29';\r\n\t\t\tif (setDate == chkDate1 || setDate == chkDate2) {\r\n\t\t\t\talert('2025년 06월 28일 또는 2025년 06월 29일에 등록을 원하시는 고객님께서는 고객센터(1600-7728)로 문의 바랍니다.');\r\n\t\t\t\t$(this).val('');\r\n\t\t\t}\r\n\t\t});\r\n\r\n\t\t// 인증번호 전송\r\n\t\t$(\".new-order-btn-1\").on(\"click\", function(){\r\n\t\t\tsms_confirm();\r\n\t\t});\r\n\t});\r\n\r\n\t// 인증번호 전송\r\n\tconst sms_confirm = () => {\r\n\t\tlet hp = $(\"#contact\").val();\r\n\t\tif (hp == '') {\r\n\t\t\talert('휴대폰번호를 입력해주세요.');\r\n\t\t\t$(\"#contact\").focus();\r\n\t\t\treturn;\r\n\t\t}\r\n\t\t\r\n\t\t// TODO: ajax\r\n\t\tlet xhr = new XMLHttpRequest();\r\n\t\txhr.open(\"GET\", \"/controller/contract_modoo?cmd=auth&hp=\"+hp, true); // true: 비동기, false:동기\r\n\t\txhr.send();\r\n\r\n\t\t// 바닐라JS ajax 리턴 데이터\r\n\t\txhr.addEventListener(\"load\", function(){\r\n\t\t\tif (xhr.status === 200) {\r\n\t\t\t\t$(\"#certification_area\").show(); // 인증번호 폼 view\r\n\t\t\t\t$(\"#feedback_simple\").html(xhr.responseText);\r\n\t\t\t}\r\n\t\t});\r\n\t}\r\n</script>\r\n\r\n<!-- <script src=\"//t1.daumcdn.net/mapjsapi/bundle/postcode/prod/postcode.v2.js\"></script> -->\r\n<script>\r\n\t$(function(){\r\n\t\t$(\"#btnCloseLayer\").on(\"click\", function(){\r\n\t\t\t$(\"#zip_area\").hide();\r\n\t\t});\r\n\t});\r\n\t\r\n\t// 우편번호 찾기 화면을 넣을 element\r\n\tvar element_layer = document.getElementById('zip_area');\r\n\r\n\tfunction sample2_execDaumPostcode(flag) {\r\n\t\tnew daum.Postcode({\r\n\t\t\toncomplete: function(data) {\r\n\t\t\t\t// 검색결과 항목을 클릭했을때 실행할 코드를 작성하는 부분.\r\n\r\n\t\t\t\t// 각 주소의 노출 규칙에 따라 주소를 조합한다.\r\n\t\t\t\t// 내려오는 변수가 값이 없는 경우엔 공백('')값을 가지므로, 이를 참고하여 분기 한다.\r\n\t\t\t\tvar addr = ''; // 주소 변수\r\n\t\t\t\tvar extraAddr = ''; // 참고항목 변수\r\n\r\n\t\t\t\t//사용자가 선택한 주소 타입에 따라 해당 주소 값을 가져온다.\r\n\t\t\t\tif (data.userSelectedType === 'R') { // 사용자가 도로명 주소를 선택했을 경우\r\n\t\t\t\t\taddr = data.roadAddress;\r\n\t\t\t\t} else { // 사용자가 지번 주소를 선택했을 경우(J)\r\n\t\t\t\t\taddr = data.jibunAddress;\r\n\t\t\t\t}\r\n\r\n\t\t\t\t// 사용자가 선택한 주소가 도로명 타입일때 참고항목을 조합한다.\r\n\t\t\t\tif(data.userSelectedType === 'R'){\r\n\t\t\t\t\t// 법정동명이 있을 경우 추가한다. (법정리는 제외)\r\n\t\t\t\t\t// 법정동의 경우 마지막 문자가 \"동/로/가\"로 끝난다.\r\n\t\t\t\t\tif(data.bname !== '' && /[동|로|가]$/g.test(data.bname)){\r\n\t\t\t\t\t\textraAddr += data.bname;\r\n\t\t\t\t\t}\r\n\t\t\t\t\t// 건물명이 있고, 공동주택일 경우 추가한다.\r\n\t\t\t\t\tif(data.buildingName !== '' && data.apartment === 'Y'){\r\n\t\t\t\t\t\textraAddr += (extraAddr !== '' ? ', ' + data.buildingName : data.buildingName);\r\n\t\t\t\t\t}\r\n\t\t\t\t\t// 표시할 참고항목이 있을 경우, 괄호까지 추가한 최종 문자열을 만든다.\r\n\t\t\t\t\tif(extraAddr !== ''){\r\n\t\t\t\t\t\textraAddr = ' (' + extraAddr + ')';\r\n\t\t\t\t\t}\r\n\t\t\t\t\t// 조합된 참고항목을 해당 필드에 넣는다.\r\n\t\t\t\t\t//document.getElementById(\"sample2_extraAddress\").value = extraAddr;\r\n\r\n\t\t\t\t} else {\r\n\t\t\t\t\t//document.getElementById(\"sample2_extraAddress\").value = '';\r\n\t\t\t\t}\r\n\r\n\t\t\t\t// 우편번호와 주소 정보를 해당 필드에 넣는다.\r\n\t\t\t\tif (flag == 'start') {\r\n\t\t\t\t\t//document.getElementById('sample3_postcode').value = data.zonecode;\r\n\t\t\t\t\tdocument.getElementById(\"address-from\").value = addr;\r\n\t\t\t\t\t// 커서를 상세주소 필드로 이동한다.\r\n\t\t\t\t\tdocument.getElementById(\"address-detail\").focus();\r\n\t\t\t\t}/* else {\r\n\t\t\t\t\tdocument.getElementById(\"e_addr1\").value = addr;\r\n\t\t\t\t}*/\r\n\r\n\t\t\t\t// iframe을 넣은 element를 안보이게 한다.\r\n\t\t\t\t// (autoClose:false 기능을 이용한다면, 아래 코드를 제거해야 화면에서 사라지지 않는다.)\r\n\t\t\t\telement_layer.style.display = 'none';\r\n\t\t\t},\r\n\t\t\twidth : '100%',\r\n\t\t\theight : '100vh',\r\n\t\t\tmaxSuggestItems : 5\r\n\t\t}).embed(element_layer);\r\n\r\n\t\t// iframe을 넣은 element를 보이게 한다.\r\n\t\telement_layer.style.display = 'block';\r\n\r\n\t\t// iframe을 넣은 element의 위치를 화면의 가운데로 이동시킨다.\r\n\t\tvar width = 380; //우편번호서비스가 들어갈 element의 width\r\n\t\tvar height = 450; //우편번호서비스가 들어갈 element의 height\r\n\t\tvar borderWidth = 1; //샘플에서 사용하는 border의 두께\r\n\r\n\t\t// 위에서 선언한 값들을 실제 element에 넣는다.\r\n\t\telement_layer.style.width = width + 'px';\r\n\t\telement_layer.style.height = height + 'px';\r\n\t\t//element_layer.style.border = borderWidth + 'px solid #333';\r\n\t\t// 실행되는 순간의 화면 너비와 높이 값을 가져와서 중앙에 뜰 수 있도록 위치를 계산한다.\r\n\t\telement_layer.style.left = (((window.innerWidth || document.documentElement.clientWidth) - width)/2 - borderWidth) + 'px';\r\n\t\telement_layer.style.top = (((window.innerHeight || document.documentElement.clientHeight) - height)/2 - borderWidth) + 'px';\r\n\t}\r\n</script>\r\n\r\n\r\n\r\n\r\n\r\n<!-- 메인배너 [written by bhh : 2025-02-05] -->\r\n<style>\r\n\t.col-md-4.col-sm-6 img { width:100%; }\r\n\r\n\t.main-bn img { width:100%; }\r\n\t.main-bn { /*flex-grow: 1;*/ }\r\n\t.main-banner-swiper-pagination { text-align:center !important; }\r\n\r\n\t/* 슬라이드 배너 */\r\n\t.banner-mobile-item { margin:10px auto; padding:8px; width:90%; height:160px; border-radius:8px; box-shadow:0 0 12px rgba(0, 0, 0, 0.1); }\r\n\t.banner-mobile-title { margin:20px 0 0 10px; font-family:'Pretendard' !important; font-size:1.05em; font-weight:bold; letter-spacing:-1px; }\r\n\t.banner-mobile-sub { margin:20px 0 0 10px; font-family:'Pretendard' !important; font-size:0.85em; letter-spacing:-1px; line-height:1.4em;}\r\n\t.banner-mobile-btn { margin:8px auto; padding:5px; width:95%; border-radius:30px; background-color:#2663bd; color:#fff; font-size:0.6em; text-align:center; }\r\n\t\r\n\t.banner-mobile-item-moving { background-image:url('/v1/image/main_N/slide_boxes_s.png'); background-repeat: no-repeat; background-size:90px; background-position: right 5px top 15px; }\r\n\t.banner-mobile-item-clean { background-image:url('/v1/image/main_N/slide_basket_s.png'); background-repeat: no-repeat; background-size:70px; background-position: right 5px top 15px; }\r\n\t.banner-mobile-item-internet { background-image:url('/v1/image/main_N/slide_laptop_router_s.png'); background-repeat: no-repeat; background-size:60px; background-position: right 10px top 15px; }\r\n</style>\r\n<section id=\"banner_visual\">\t\r\n\t<!-- <div class=\"row\" style=\"display:\">\r\n\t\t<div class=\"col-md-4 col-sm-6\"><img src=\"/v1/image/main_N/main_bn01.png\"></div>\r\n\t\t<div class=\"col-md-4 col-sm-6\"><img src=\"/v1/image/main_N/main_bn02.png\"></div>\r\n\t\t<div class=\"col-md-4 col-sm-6 pc\"><a href=\"http://modooclean.com/\" target=\"_blank\"><img src=\"/v1/image/main_N/main_bn03.png\"></a></div>\r\n\t</div> -->\r\n\r\n\t<!-- pc -->\r\n\t<div class=\"row\" style=\"margin-right:0 !important; margin-left:0 !important;\">\r\n\t\t<div class=\"main-bn pc\"><a href=\"javascript:newOrder();\"><img src=\"/v1/image/main_N/Moving_360_360.png\"></a></div>\r\n\t\t<div class=\"main-bn pc\"><a href=\"http://modooclean.com/\" target=\"_blank\"><img src=\"/v1/image/main_N/Clean_360_360.png\"></a></div>\r\n\t\t<div class=\"main-bn pc\"><a href=\"http://internet.linkaid.co.kr/\" target=\"_blank\"><img src=\"/v1/image/main_N/Internet_360_360.png\"></a></div>\t\t\r\n\t</div>\r\n\r\n\t<!-- mobile -->\r\n\t<div id=\"main_banner_swiper\">\r\n\t\t<div class=\"swiper-wrapper\" style=\"position:relative;\">\r\n\t\t\t<div class=\"swiper-slide\">\r\n\t\t\t\t<a href=\"javascript:newOrder();\">\r\n\t\t\t\t\t<div class=\"banner-mobile-item banner-mobile-item-moving mobile\">\r\n\t\t\t\t\t\t<p class=\"banner-mobile-title\">이사</p>\r\n\t\t\t\t\t\t<p class=\"banner-mobile-sub\">이사 스트레스, 이제 모두 맡기세요!</p>\r\n\t\t\t\t\t\t<div class=\"banner-mobile-btn\">우수업체 원스톰 무료 매칭하기</div>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</a>\r\n\t\t\t</div>\r\n\t\t\t<div class=\"swiper-slide\">\r\n\t\t\t\t<a href=\"http://modooclean.com/\">\r\n\t\t\t\t\t<div class=\"banner-mobile-item banner-mobile-item-clean mobile\">\r\n\t\t\t\t\t\t<p class=\"banner-mobile-title\">청소·시공</p>\r\n\t\t\t\t\t\t<p class=\"banner-mobile-sub\">깨끗하고 소중한 공간, 모두와 함께!</p>\r\n\t\t\t\t\t\t<div class=\"banner-mobile-btn\">전문가에게 공간 케어받기</div>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</a>\r\n\t\t\t</div>\r\n\t\t\t<div class=\"swiper-slide\">\r\n\t\t\t\t<a href=\"http://internet.linkaid.co.kr/\">\r\n\t\t\t\t\t<div class=\"banner-mobile-item banner-mobile-item-internet mobile\">\r\n\t\t\t\t\t\t<p class=\"banner-mobile-title\">인터넷·TV</p>\r\n\t\t\t\t\t\t<p class=\"banner-mobile-sub\">법정지원금 최대 48만원, 모두에서!</p>\r\n\t\t\t\t\t\t<div class=\"banner-mobile-btn\">통신비 아끼고 최대지원금 받기</div>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</a>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\r\n\t\t<!-- <div class=\"swiper-button-next\"></div>\r\n\t\t<div class=\"swiper-button-prev\"></div> -->\r\n\t\t<div class=\"main-banner-swiper-pagination mobile\"></div>\r\n\t</div>\r\n</section>\r\n<script>\r\n\tnew Swiper(\"#main_banner_swiper\", {\r\n\t\tslidesPerView: 2\r\n\t\t, spaceBetween: 10\r\n\t\t, freeMode: false\r\n\t\t, autoplay: {\r\n\t\t\tdelay: 8000\r\n\t\t\t, disableOnInteraction: false\r\n\t\t}\r\n\t\t, loop: true\r\n\t\t/*, navigation: {\r\n\t\t\tnextEl: \".swiper-button-next\"\r\n\t\t\t, prevEl: \".swiper-button-prev\"\r\n\t\t}*/\r\n\t\t, pagination: {\r\n\t\t\tel: \".main-banner-swiper-pagination\"\r\n\t\t\t, clickable: true\r\n\t\t}\r\n\t\t, autoHeight: true\r\n\t})\r\n</script>\r\n\r\n\r\n\r\n\r\n\r\n<!--이벤트 롤링될때 디스플레이 :none 해제 하고 사용-->\r\n<section class=\"center event_wrap\" style=\"margin-top:30px\">\r\n</section>\r\n\r\n\r\n<!--견적가이드-->\r\n<section class=\"center move_kind pc\">\r\n\t<div class=\"left_Box\">\r\n\t\t<h2 class=\"color_pt\">자주 묻는 질문</h2>\r\n\t\t<p>\r\n\t\t\t이사할 때 <br>\r\n\t\t\t자주 묻는 질문 Best 10<br>\r\n\t\t\t미리 알고<br>\r\n\t\t\t이사 준비 시작해보세요.\r\n\t\t</p>\r\n\t\t<button type=\"button\" class=\"btn_contact\" style=\"background-color:#25abda;\" onclick=\"location.href='/v1/customer/faq' \"><b>바로가기</b></button>\r\n\t\t<p class=\"img\" style=\"top:20px; right:20px;\"><img src=\"/v1/image/main_N/main_faq.png\" alt=\"자주묻는질문\"></p>\r\n\t</div>\r\n\r\n\t<div class=\"right_Box\">\r\n\t\t<h2 class=\"color_blue\">무료 방문 견적</h2>\r\n\t\t<h3>파트너 업체의 직접 방문을 통해 정확한 이사 견적을 제안 드립니다. </h3>\r\n\t\t<button type=\"button\" class=\"btn_contact\" onclick=\"location.href='/v1/modoo/contact_info.php' \"><b>방문 견적 </b>가이드</button>\r\n\t\t<p class=\"img\"><img src=\"/v1/image/main_N/tact_info.jpg\" alt=\"방문 견적 가이드\"></p>\r\n\t</div>\r\n</section>\r\n\r\n\r\n<!--이벤트 하나 일때 사용해야함-->\r\n<section class=\"center\" style=\"display:none\">\r\n\t<div>\r\n\t\t<a href=\"https://www.samsungsales.co.kr/event/moveEventB.sesc?id=APTPR000533&dprt=CST002\" target=\"_blank\">\r\n\t\t\t<img class=\"d-block w-100 pc\" src=\"/v1/image/main_N/event_ss.jpg\" class=\"pc\" alt=\"삼성이벤트\">\r\n\t\t\t<img class=\"d-block w-100 mobile\" src=\"/v1/image/main_N/event_ss_m.jpg\" class=\"pc\" alt=\"삼성이벤트\">\r\n\t\t</a>\r\n\t</div>\r\n</section>\r\n<!--//이벤트 하나 일때 사용해야함-->\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<style>\r\n\t.special-area { margin-top:60px; margin-bottom:-40px; padding:60px 0 40px 0; background-color:#eaf5ff; text-align:center; }\r\n\t.special-area > h2 { font-size: 1.5em; font-family: 'GmarketSansBold'; text-align: center; }\r\n\t.special-wrap { display:flex; margin:20px auto; width:1200px; }\r\n\t.special-area img { height:350px; }\r\n\t.special-item { flex: 1 1 33.33%; margin-right:20px; }\r\n\t.special-item:nth-child(3) { margin-right:0; }\r\n\t\r\n\t.special-text-1 { color: #758797; font-size: 20px; font-style: normal; font-weight: 800; }\r\n\t.special-text-2 { color: #5f5f5f; font-size: 20px; font-style: normal; font-weight: 600; }\r\n\t.special-text-2-highlight { color: #1c8ff8; font-size: 20px; font-style: normal; font-weight: 800; }\r\n\t.special-text-3 { margin-top:10px; color:#758797; font-size:16px; font-style:normal; font-weight:400; }\r\n\r\n\t@media only screen and (max-width: 959px) {\r\n\t\t.special-area { margin:40px 0; }\r\n\t\t.special-area > h2 { font-size:1.2em; }\r\n\r\n\t\t#spacial-banner { padding:20px; overflow:hidden; }\r\n\t\t.special-area img { width:90%; height:150px; }\r\n\t\t.gd_title { margin:20px 0; }\r\n\t\t.special-text-1 { font-size: 14px; }\r\n\t\t.special-text-2 { font-size: 14px; }\r\n\t\t.special-text-2-highlight { font-size: 14px; }\r\n\t\t.special-text-3 { font-size: 12px; }\r\n\t\t.spacial-banner-swiper-pagination { margin-top:20px; text-align:center !important; }\r\n\t}\r\n</style>\r\n<!-- pc -->\r\n<div class=\"special-area pc\">\r\n\t<h2 class=\"gd_title\"><span class=\"color_pt\">모두이사</span>를 선택해야하는 <span class=\"color_pt\">3가지 특별함</span></h2>\r\n\r\n\t<div class=\"special-wrap\">\r\n\t\t<div class=\"special-item\">\r\n\t\t\t<div class=\"special-img-1-wrapper\">\r\n\t\t\t\t<img class=\"special-img-1-mobile\" src=\"/v1/image/main_N/img_1_mobile.png\" alt=\"img_1\">\r\n\t\t\t</div>\r\n\t\t\t<div class=\"special-text-wrapper-1\">\r\n\t\t\t\t<div class=\"special-text-1\">01</div>\r\n\t\t\t\t<div class=\"special-text-2\">\r\n\t\t\t\t\t클릭만으로 편리하게\r\n\t\t\t\t\t<span class=\"special-text-2-highlight\">원스톱 업체 매칭</span> 서비스\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"special-text-3\">\r\n\t\t\t\t\t매칭된 업체의 국토교통부 허가 여부, 사업자등록증, 보험가입 여부 및 실고객 후기 등의 상세정보를 발송합니다.\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\r\n\t\t<div class=\"special-item\">\r\n\t\t\t<div class=\"special-img-2-wrapper-mobile\">\r\n\t\t\t\t<img class=\"special-img-2-mobile\" src=\"/v1/image/main_N/img_2_mobile.png\" alt=\"img_2\">\r\n\t\t\t</div>\r\n\t\t\t<div class=\"special-text-wrapper-2\">\r\n\t\t\t\t<div class=\"special-text-1\">02</div>\r\n\t\t\t\t<div class=\"special-text-2\">\r\n\t\t\t\t\t<span class=\"special-text-2-highlight\">수준 미달의 불량 업체</span> 제휴 해지\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"special-text-3\">\r\n\t\t\t\t\t창업 이후 쌓여온 업체별 평가 데이터를 활용해 서비스 수준미달\r\n\t\t\t\t\t및 A/S 불이행 업체를 지속적으로\r\n\t\t\t\t\t모니터링 하여 수준 높은 이사 서비스를 유지합니다.\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\r\n\t\t<div class=\"special-item\">\r\n\t\t\t<div class=\"special-img-3-wrapper\">\r\n\t\t\t\t<img class=\"special-img-3-mobile\" src=\"/v1/image/main_N/img_3_mobile.png\" alt=\"img_3\">\r\n\t\t\t</div>\r\n\t\t\t<div class=\"special-text-wrapper-3\">\r\n\t\t\t\t<div class=\"special-text-1\">03</div>\r\n\t\t\t\t<div class=\"special-text-2\">\r\n\t\t\t\t\t불편 신고 시,\r\n\t\t\t\t\t<span class=\"special-text-2-highlight\">즉각적인 중재 및 문제 해결</span>\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"special-text-3\">모두이사는 소비자중심경영을 선포하고 실천합니다.</div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t</div>\r\n</div>\r\n\r\n<!-- mobile -->\r\n<div id=\"spacial-banner\" class=\"special-area mobile\">\r\n\t<h2 class=\"gd_title\">\r\n\t\t<span class=\"color_pt\">모두이사</span>를 선택해야하는 <span class=\"color_pt\">3가지 특별함</span>\r\n\t</h2>\r\n\r\n\t<div class=\"swiper-wrapper\">\r\n\t\t<div class=\"swiper-slide\">\r\n\t\t\t<div class=\"special-img-1-wrapper\">\r\n\t\t\t\t<img class=\"special-img-1-mobile\" src=\"/v1/image/main_N/img_1_mobile.png\" alt=\"img_1\">\r\n\t\t\t</div>\r\n\t\t\t<div class=\"special-text-wrapper-1\">\r\n\t\t\t\t<div class=\"special-text-1\">01</div>\r\n\t\t\t\t<div class=\"special-text-2\">\r\n\t\t\t\t\t클릭만으로 편리하게<br>\r\n\t\t\t\t\t<span class=\"special-text-2-highlight\">원스톱 업체 매칭</span> 서비스\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"special-text-3\">\r\n\t\t\t\t\t매칭된 업체의 국토교통부 허가 여부, 사업자등록증, 보험가입 여부 및 실고객 후기 등의 상세정보를 발송합니다.\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\r\n\t\t<div class=\"swiper-slide\">\r\n\t\t\t<div class=\"special-img-2-wrapper-mobile\">\r\n\t\t\t\t<img class=\"special-img-2-mobile\" src=\"/v1/image/main_N/img_2_mobile.png\" alt=\"img_2\">\r\n\t\t\t</div>\r\n\t\t\t<div class=\"special-text-wrapper-2\">\r\n\t\t\t\t<div class=\"special-text-1\">02</div>\r\n\t\t\t\t<div class=\"special-text-2\">\r\n\t\t\t\t\t<span class=\"special-text-2-highlight\">수준 미달의 불량 업체</span><br> 제휴 해지\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"special-text-3\">\r\n\t\t\t\t\t창업 이후 쌓여온 업체별 평가 데이터를 활용해 서비스 수준미달\r\n\t\t\t\t\t및 A/S 불이행 업체를 지속적으로\r\n\t\t\t\t\t모니터링 하여 수준 높은 이사 서비스를 유지합니다.\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\r\n\t\t<div class=\"swiper-slide\">\r\n\t\t\t<div class=\"special-img-3-wrapper\">\r\n\t\t\t\t<img class=\"special-img-3-mobile\" src=\"/v1/image/main_N/img_3_mobile.png\" alt=\"img_3\">\r\n\t\t\t</div>\r\n\t\t\t<div class=\"special-text-wrapper-3\">\r\n\t\t\t\t<div class=\"special-text-1\">03</div>\r\n\t\t\t\t<div class=\"special-text-2\">\r\n\t\t\t\t\t불편 신고 시,<br>\r\n\t\t\t\t\t<span class=\"special-text-2-highlight\">즉각적인 중재 및 문제 해결</span>\r\n\t\t\t\t</div>\r\n\t\t\t\t<div class=\"special-text-3\">모두이사는 소비자중심경영을 선포하고 실천합니다.</div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t</div>\r\n\t<div class=\"spacial-banner-swiper-pagination mobile\"></div>\r\n</div>\r\n\r\n<script>\r\n\tnew Swiper(\"#spacial-banner\", {\r\n\t\tslidesPerView: 2\r\n\t\t, spaceBetween: 10\r\n\t\t, freeMode: false\r\n\t\t/*, autoplay: {\r\n\t\t\tdelay: 3000\r\n\t\t\t, disableOnInteraction: false\r\n\t\t}\r\n\t\t, loop: true\r\n\t\t, navigation: {\r\n\t\t\tnextEl: \".swiper-button-next\"\r\n\t\t\t, prevEl: \".swiper-button-prev\"\r\n\t\t}*/\r\n\t\t, pagination: {\r\n\t\t\tel: \".spacial-banner-swiper-pagination\"\r\n\t\t\t, clickable: true\r\n\t\t}\r\n\t\t, autoHeight: true\r\n\t})\r\n</script>\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<!--칭찬후기-->\r\n<section class=\"good_ct_after\">\r\n\t<div class=\"center\">\r\n\t\t<!-- <nav class=\"slidernav\">\r\n\t\t\t<div id=\"navbtns\" class=\"clearfix\">\r\n\t\t\t\t<a href=\"#\" class=\"previous\">\r\n\t\t\t\t\t<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"64\" height=\"64\">\r\n\t\t\t\t\t\t<path fill=\"none\" d=\"M0 0h24v24H0z\" />\r\n\t\t\t\t\t\t<path d=\"M10.828 12l4.95 4.95-1.414 1.414L8 12l6.364-6.364 1.414 1.414z\" fill=\"rgba(51,51,51,1)\" />\r\n\t\t\t\t\t</svg>\r\n\t\t\t\t</a>\r\n\t\t\t\t<a href=\"#\" class=\"next\">\r\n\t\t\t\t\t<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"64\" height=\"64\">\r\n\t\t\t\t\t\t<path fill=\"none\" d=\"M0 0h24v24H0z\" />\r\n\t\t\t\t\t\t<path d=\"M13.172 12l-4.95-4.95 1.414-1.414L16 12l-6.364 6.364-1.414-1.414z\" fill=\"rgba(51,51,51,1)\" />\r\n\t\t\t\t\t</svg>\r\n\t\t\t\t</a>\r\n\t\t\t</div>\r\n\t\t</nav> -->\r\n\r\n\t\t<h2 class=\"gd_title\">고객 <span class=\"color_pt\">칭찬 후기</span></h2>\r\n\t\t<a class=\"more\" href=\"/v2/review\">더보기 + </a>\r\n\r\n\t\t<!-- <div class=\"crsl-items\" data-navigation=\"navbtns\" style=\"width: 100%; overflow: hidden;\">\r\n\t\t\t<div class=\"crsl-wrap\" onclick=\"location.href='/v2/review' \" style=\"cursor: pointer; width: 1135px; margin-left: -227px;\">\r\n\t\t\t\t<div class=\"crsl-item\" style=\"position: relative; float: left; overflow: hidden; width: 222px; margin-right: 5px; height: 401px;\">\r\n\t\t\t\t\t<a class=\"review\" href=\"/v2/review\" style=\"display: block\">\r\n\t\t\t\t\t\t<h3>업체명</h3>\r\n\t\t\t\t\t\t<h4>(업체등급)</h4>\r\n\t\t\t\t\t\t<dl>\r\n\t\t\t\t\t\t\t<dt><img src=\"/v1/image/main_N/big_star.png\" alt=\"star\"></dt>\r\n\t\t\t\t\t\t\t<dd>\r\n\t\t\t\t\t\t\t\t<span class=\"num\">5.0</span>\r\n\t\t\t\t\t\t\t\t<span class=\"numtxt\">전체 평점</span>\r\n\t\t\t\t\t\t\t</dd>\r\n\t\t\t\t\t\t</dl>\r\n\t\t\t\t\t\t<p class=\"review_txt\">후기글</p>\r\n\t\t\t\t\t\t<span class=\"review_date\">이사일 2020-11-20</span>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</div>\r\n\t\t\t</div>\r\n\t\t</div> -->\r\n\t\t\r\n\t\t\t\t<style>\r\n\t\t\t.postscript-area { margin-top:10px; padding:20px 0; width:100%; overflow:hidden; }\r\n\t\t\t.ps_prev { position: absolute; margin-top: 160px; z-index: 100; opacity:0.2; }\r\n\t\t\t.ps_next { position: absolute; margin-top: 160px; z-index: 100; opacity:0.2; right:0; }\r\n\t\t\t\r\n\t\t\t@media only screen and (max-width: 959px) {\r\n\t\t\t\t.ps_prev { margin-top: 110px; }\r\n\t\t\t\t.ps_next { margin-top: 110px; }\r\n\t\t\t}\r\n\t\t</style>\r\n\t\t<div class=\"postscript-area\">\r\n\t\t\t<a href=\"#\" class=\"ps_prev\">\r\n\t\t\t\t<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"64\" height=\"64\">\r\n\t\t\t\t\t<path fill=\"none\" d=\"M0 0h24v24H0z\" />\r\n\t\t\t\t\t<path d=\"M10.828 12l4.95 4.95-1.414 1.414L8 12l6.364-6.364 1.414 1.414z\" fill=\"rgba(51,51,51,1)\" />\r\n\t\t\t\t</svg>\r\n\t\t\t</a>\r\n\t\t\t<a href=\"#\" class=\"ps_next\">\r\n\t\t\t\t<svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"64\" height=\"64\">\r\n\t\t\t\t\t<path fill=\"none\" d=\"M0 0h24v24H0z\" />\r\n\t\t\t\t\t<path d=\"M13.172 12l-4.95-4.95 1.414-1.414L16 12l-6.364 6.364-1.414-1.414z\" fill=\"rgba(51,51,51,1)\" />\r\n\t\t\t\t</svg>\r\n\t\t\t</a>\r\n\t\t\t<div class=\"swiper-wrapper\" id=\"postscript_box\">\r\n\t\t\t\t<!-- 슬라이드 내용 ajax -->\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t\t<script>\r\n\t\t\tlet slideViewCnt = 4; // pc 경우\t\t\t\r\n\t\t\tlet agent = \"win16|win32|win64|macintel|mac\";\r\n\t\t\tif (agent.indexOf(navigator.platform.toLowerCase()) < 0) slideViewCnt = 2; // 모바일인 경우\t\r\n\t\t\t\r\n\t\t\t// json 데이터를 가져와서 탬플릿을 입혀 html 적용\r\n\t\t\tconst getPostscriptData = () => {\r\n\t\t\t\t// 바닐라JS ajax\r\n\t\t\t\tlet xhr = new XMLHttpRequest();\r\n\t\t\t\txhr.open(\"GET\", \"/controller/contract_modoo?cmd=mps\", true); // true: 비동기, false:동기\r\n\t\t\t\txhr.send();\r\n\r\n\t\t\t\t// 바닐라JS ajax 리턴 데이터\r\n\t\t\t\txhr.addEventListener(\"load\", function(){\r\n\t\t\t\t\tif (xhr.status === 200) {\r\n\t\t\t\t\t\tlet jsonObjData = JSON.parse(xhr.responseText); // 리턴값이 json 일때\r\n\t\t\t\t\t\t//console.log(jsonObjData);\r\n\t\t\t\t\t\tlet postscriptTmp = ``;\r\n\t\t\t\t\t\t\r\n\t\t\t\t\t\tif (jsonObjData.length > 0) {\r\n\t\t\t\t\t\t\t$.each(jsonObjData, function(key, val){\r\n\t\t\t\t\t\t\t\t//console.log(val);\r\n\t\t\t\t\t\t\t\tlet agvPoint = val.avg;\r\n\t\t\t\t\t\t\t\tlet b_uid = val.b_uid;\r\n\t\t\t\t\t\t\t\tlet s_company = val.s_company;\r\n\t\t\t\t\t\t\t\tlet point_title = val.company_point_title;\r\n\t\t\t\t\t\t\t\tlet b_note = val.b_note;\r\n\t\t\t\t\t\t\t\tlet b_mdate = val.b_mdate;\r\n\t\t\t\t\t\t\t\tlet staff_code = val.staff_code;\r\n\t\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t\tpostscriptTmp += `\r\n\t\t\t\t\t\t\t\t\t<div class=\"swiper-slide\">\r\n\t\t\t\t\t\t\t\t\t\t<div data-id=\"${b_uid}\" class=\"move_review_item_inner\" onclick=\"microSite('${staff_code}');\">\r\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"move_review_item_header\">\r\n\t\t\t\t\t\t\t\t\t\t\t\t<h3>${s_company}</h3>\r\n\t\t\t\t\t\t\t\t\t\t\t\t<h4>(${point_title})</h4>\r\n\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"move_review_item_star_wrap\">\r\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"move_review_item_star\">\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t<img src=\"/v1/image/main_N/big_star.png\" alt=\"star\">\r\n\t\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"move_review_item_point_wrap\">\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"move_review_item_point\">\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t${agvPoint}\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"move_review_item_txt\">\r\n\t\t\t\t\t\t\t\t\t\t\t\t${b_note}\r\n\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"move_review_item_date\">\r\n\t\t\t\t\t\t\t\t\t\t\t\t이사일 ${b_mdate}\r\n\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t\t\t`;\r\n\t\t\t\t\t\t\t});\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\r\n\t\t\t\t\t\t$(\"#postscript_box\").html(postscriptTmp);\r\n\t\t\t\t\t\t\r\n\t\t\t\t\t\tnew Swiper(\".postscript-area\", {\r\n\t\t\t\t\t\t\tslidesPerView: slideViewCnt\r\n\t\t\t\t\t\t\t, spaceBetween: 10\r\n\t\t\t\t\t\t\t, freeMode: false\r\n\t\t\t\t\t\t\t, autoplay: {\r\n\t\t\t\t\t\t\t\tdelay: 2000\r\n\t\t\t\t\t\t\t\t, disableOnInteraction: false\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t, loop: true\r\n\t\t\t\t\t\t\t, navigation: {\r\n\t\t\t\t\t\t\t\tnextEl: \".ps_next\"\r\n\t\t\t\t\t\t\t\t, prevEl: \".ps_prev\"\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\t//, pagination: {\r\n\t\t\t\t\t\t\t//\tel: \".postscript-area-swiper-pagination\"\r\n\t\t\t\t\t\t\t//\t, clickable: true\r\n\t\t\t\t\t\t\t//}\r\n\t\t\t\t\t\t\t, autoHeight: true\r\n\t\t\t\t\t\t})\r\n\t\t\t\t\t}\r\n\t\t\t\t});\r\n\t\t\t}\r\n\t\t\t\r\n\t\t\tgetPostscriptData(); // 이용후기 슬라이드 실행\r\n\r\n\t\t\t// 파트너사 페이지 연결\r\n\t\t\tconst microSite = (code) => {\r\n\t\t\t\twindow.open(\"https://24auction.co.kr/review/cp_view?ad=Y&main=Y&uid=\" + code + \"#review_box_list\", \"_blank\");\r\n\t\t\t}\r\n\t\t</script>\r\n\t\t\t\r\n\t\t\t\t\t\r\n\t</div>\r\n</section>\r\n\r\n\r\n<!--커뮤니티-->\r\n<style>\r\n\t.community-mgb { margin-bottom:80px; }\r\n\t.community_wrap > ul > li:nth-child(1) { width:760px; }\r\n\t@media only screen and (max-width: 959px) {\r\n\t\t.community_wrap > ul > li:nth-child(1) { margin-bottom: 30px; width:360px; }\r\n\t\t.community-mgb { margin-bottom:30px; }\r\n\t}\r\n</style>\r\n<section class=\"community_wrap center community-mgb\">\r\n\t<h2>고객과 함께하는<span class=\"color_pt\"> 커뮤니티</span></h2>\r\n\t<ul>\r\n\t\t<li>\r\n\t\t\t<h4><span class=\"color_pt\">질문답변</span><a class=\"plus\" href=\"/community/posts/jisik\">+</a></h4>\r\n\t\t\t<ul class=\"know_list\">\r\n\t\t\t\t\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/community/posts/jisik\">\r\n\t\t\t\t\t\t<div>Q. 아파트 20평대 보관이사</div>\r\n\t\t\t\t\t\t<div>A.\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t폐기물은 아파트 처리장까지 내려드리고\r\n\r\n보관이사는 빼는날 한번 들어가는날 한번 보관비 가들어\r\n\r\n갑니다 정확한건 방문견적이 필요합니다\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/community/posts/jisik\">\r\n\t\t\t\t\t\t<div>Q. 폐기물처리</div>\r\n\t\t\t\t\t\t<div>A.\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t안녕하세요 당연히 이사할집을 비워야하기에 두고가시는 물건이 아니면 아파트내 집화장으로 이동적재해드립니다\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/community/posts/jisik\">\r\n\t\t\t\t\t\t<div>Q. 폐기물도 같이 처리해주시나요?</div>\r\n\t\t\t\t\t\t<div>A.\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t버리는폐기물은 집밖으로 빼드리니 폐기물신고해서 버리는게 저렴합니다\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/community/posts/jisik\">\r\n\t\t\t\t\t\t<div>Q. 보관이사비용</div>\r\n\t\t\t\t\t\t<div>A.\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t견적신청하셔서 해당지역업체 연결되시면 방문견적을 받으세요\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t\t\t\t</ul>\r\n\t\t</li>\r\n\t\t<li>\r\n\t\t\t<h4>모두 <span class=\"color_pt\">꿀TIP</span> <a class=\"plus\" href=\"/v2/posts/tip\">+</a></h4>\r\n\t\t\t<ul class=\"huney_list\">\r\n\t\t\t\t\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/v2/posts/tip\">\r\n\t\t\t\t\t\t<div \t\t\t\t\t\tstyle=\"background-image: url('/community/storage/post/220110/220110101744_GwlkHfvfm.jpeg')\"\r\n\t\t\t\t\t\t\t\t\t\t\t\t>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/v2/posts/tip\">\r\n\t\t\t\t\t\t<div \t\t\t\t\t\tstyle=\"background-image: url('/community/storage/post/220428/220428052227_6sBPHItvd.png')\"\r\n\t\t\t\t\t\t\t\t\t\t\t\t>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/v2/posts/tip\">\r\n\t\t\t\t\t\t<div \t\t\t\t\t\tstyle=\"background-image: url('/community/storage/post/220228/220228114003_SD83UQLxh.jpeg')\"\r\n\t\t\t\t\t\t\t\t\t\t\t\t>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t\t\t\t\t<li>\r\n\t\t\t\t\t<a href=\"/v2/posts/tip\">\r\n\t\t\t\t\t\t<div \t\t\t\t\t\tstyle=\"background-image: url('/community/storage/post/220621/220621114127_MJXGHPGTN.png')\"\r\n\t\t\t\t\t\t\t\t\t\t\t\t>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</li>\r\n\t\t\t\t\t\t\t</ul>\r\n\t\t</li>\r\n\t</ul>\r\n</section>\r\n\r\n\r\n<!--파트너문의 고객센터\r\n<section class=\"customer_wrap\">\r\n\t<div class=\"center100\" >\r\n\t\t<div class=\"customer_box cusbg1\">\r\n\t\t\t<h2><span class=\"color_pt\">파트너</span> 입점 문의</h2>\r\n\t\t <p onclick=\"location.href='/v1/move/custom_business'\">이사업체 및 용달업체 <br />파트너 상시모집 </p>\r\n\t\t</div>\r\n\r\n\t\t<div class=\"customer_box cusbg3\">\r\n\t\t\t<dl>\r\n\t\t\t\t<dt class=\"pn_title\">광고 및 제휴제안</dt>\r\n\t\t\t\t<dd class=\"pn_tel\">모든 <span class=\"color_pt\">업종 업태</span> </dd>\r\n\t\t\t\t<dd class=\"pn_txt\" onclick=\"window.open('/v1/image/modoo24_partnership_211130.pdf')\"> 모두플랫폼은 다양한 분야의<br> 사업자와 함께 합니다</dd>\r\n\t\t\t</dl>\r\n\t\t</div>\r\n\t</div>\r\n</section>\r\n-->\r\n\r\n<!--앱나열 회사 소개 아이콘-->\r\n<section class=\"company_wrap\" style=\"display:none\">\r\n\t<div class=\"center\">\r\n\t\t<ul>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"http://modooplatform.co.kr/\" target=\"_blank\">\r\n\t\t\t\t\t<p><img src=\"/v1/image/main_N/info_mf.png\" alt=\"모두플랫폼\"></p>\r\n\t\t\t\t\t<span>회사소개</span>\r\n\t\t\t\t</a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"https://www.youtube.com/channel/UCwoLZ9U8q024cWzjMk5qPKA\" target=\"_blank\">\r\n\t\t\t\t\t<p><img src=\"/v1/image/main_N/info_youtube.png\" alt=\"모플유튜브\"></p>\r\n\t\t\t\t\t<span>모플유튜브</span>\r\n\t\t\t\t</a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"https://blog.naver.com/modoo24try\" target=\"_blank\">\r\n\t\t\t\t\t<p><img src=\"/v1/image/main_N/info_bg.png\" alt=\"모플블로그\"></p>\r\n\t\t\t\t\t<span>모플블로그</span>\r\n\t\t\t\t</a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"https://www.facebook.com/modoomoving\" target=\"_blank\">\r\n\t\t\t\t\t<p><img src=\"/v1/image/main_N/info_fb.png\" alt=\"모플페이스북\"></p>\r\n\t\t\t\t\t<span>모플페이스북</span>\r\n\t\t\t\t</a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"https://www.instagram.com/modoo24_official/\" target=\"_blank\">\r\n\t\t\t\t\t<p><img src=\"/v1/image/main_N/info_it\" alt=\"모플인스타\"></p>\r\n\t\t\t\t\t<span>모플인스타</span>\r\n\t\t\t\t</a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"/v2/event\">\r\n\t\t\t\t\t<p><img src=\"/v1/image/main_N/info_evt.png\" alt=\"모플이벤트\"></p>\r\n\t\t\t\t\t<span>모플이벤트</span>\r\n\t\t\t\t</a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"/v2/review\">\r\n\t\t\t\t\t<p><img src=\"/v1/image/main_N/info_good.png\" alt=\"이사후기\"></p>\r\n\t\t\t\t\t<span>이사후기</span>\r\n\t\t\t\t</a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"https://pf.kakao.com/_kCylxb\" target=\"_blank\">\r\n\t\t\t\t\t<p><img src=\"/v1/image/main_N/info_kakao.png\" alt=\"모플카카오\"></p>\r\n\t\t\t\t\t<span>모플카카오</span>\r\n\t\t\t\t</a>\r\n\t\t\t</li>\r\n\t\t</ul>\r\n\t</div>\r\n</section>\r\n<!-- / content ST -->\r\n<style>\r\n\r\n\r\n\r\n</style>\r\n<!--푸터-->\r\n<footer>\r\n <div class=\"center\">\r\n <div class=\"foot_sns_set\">\r\n <ul>\r\n <li>\r\n <a class=\"blog\" href=\"https://blog.naver.com/modoo24try\" target=\"_blank\"></a>\r\n </li>\r\n <li>\r\n <a class=\"instagram\" href=\"https://www.instagram.com/modoo24_official/\" target=\"_blank\"></a>\r\n </li>\r\n <li>\r\n <a class=\"facebook\" href=\"https://www.facebook.com/modoomoving\" target=\"_blank\"></a>\r\n </li>\r\n <li>\r\n <a class=\"kakaoch\" href=\"https://pf.kakao.com/_kCylxb\" target=\"_blank\"></a>\r\n </li>\r\n </ul>\r\n </div>\r\n <ul class=\"ft_link\">\r\n <li class=\"modalpop_link\" link=\"/new_common/popup/accessterms.html\">\r\n 이용약관\r\n </li>\r\n <li class=\"modalpop_link color_pt\" link=\"/new_common/popup/personal_data.html\">\r\n 개인정보처리방침\r\n </li>\r\n <li class=\"modalpop_link\" link=\"/new_common/popup/personal_3.html\">\r\n 제 3자 제공동의\r\n </li>\r\n <li>\r\n <a href=\"/v1/move/custom_business\">파트너제휴</a>\r\n </li>\r\n <!-- <li class=\"modalpop_link\" link=\"/new_common/popup/free_event.html\">\r\n 사연모집\r\n </li> -->\r\n\r\n <li class=\"tabs\">\r\n <div class=\"tab\">\r\n <input type=\"checkbox\" id=\"chck1\">\r\n <label class=\"tab-label\" for=\"chck1\">사업자정보</label>\r\n <div class=\"tab-content\">\r\n (주)모두플랫폼 대표 : 심준보 <span>|</span> 주소 : 인천광역시 연수구 함박뫼로 50번길 95, 5층(연수동) <span>|</span> TEL : 1600 - 7728 <span>|</span>\r\n FAX : 032 - 811 - 2482<span>|</span>사업자 등록번호 : 236-81-01081 <span>|</span> 통신판매업신고증 : 제 2019-인천연수구-0290 호<span>|</span>\r\n </div>\r\n </div>\r\n </li>\r\n\r\n\r\n <script>\r\n window.console = window.console || function(t) {};\r\n\r\n </script>\r\n\r\n\r\n\r\n <script>\r\n if (document.location.search.match(/type=embed/gi)) {\r\n window.parent.postMessage(\"resize\", \"*\");\r\n }\r\n\r\n </script>\r\n\r\n </ul>\r\n <p class=\"addr pc\">(주)모두플랫폼 대표 : 심준보 <span>|</span> 주소 : 인천광역시 연수구 함박뫼로 50번길 95, 5층(연수동)</p>\r\n <ul class=\"tel pc\">\r\n <li>TEL : 1600 - 7728</li>\r\n <li>FAX : 032 - 811 - 2482</li>\r\n <li>사업자 등록번호 : 236-81-01081</li>\r\n <li>통신판매업신고증 : 제 2019-인천연수구-0290 호</li>\r\n </ul>\r\n\r\n <p class=\"clearb\">모두플랫폼은 OnLine Total Life Care Service Open Market을 주사업으로 하며\r\n <span class=\"color_pt\">이사서비스의 계약과 운송책임은 이사서비스제공 운송사업자와 계약당사자간에 있습니다.</span>\r\n </p>\r\n <p class=\"copy\">Copyright © 모두플랫폼 Corporation All rights reserved.</p>\r\n <a href=\"mailto:[email protected]\">광고 및 제휴문의 – [email protected] </a>\r\n\r\n </div>\r\n\r\n</footer>\r\n\r\n\r\n<!--토글-->\r\n<div class=\"mobile\" style=\"z-index:900; position:fixed; display:none !important;\">\r\n\t<input type=\"checkbox\" name=\"toggle\" id=\"toggle\" />\r\n\t<label for=\"toggle\"></label>\r\n\r\n\t<div class=\"message\">\r\n\t\t<form>\r\n\t\t\t<ul class=\"box02\">\r\n\t\t\t\t<li><span>이사일</span>\r\n\t\t\t\t\t<div class=\"move_Box\">\r\n\t\t\t\t\t\t<input type=\"text\" placeholder=\"이사일\" class=\"sel-datepicker\" name=\"t_dday\">\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li>\r\n\t\t\t\t\t<span>이사종류</span>\r\n\t\t\t\t\t<div style=\"display: inline-block\">\r\n\t\t\t\t\t\t<select class=\"select\" name=\"t_kinds\">\r\n\t\t\t\t\t\t\t<option value=\"\">이사종류</option>\r\n\t\t\t\t\t\t\t<option value=\"가정\">가정이사</option>\r\n\t\t\t\t\t\t\t<option value=\"소형\">소형이사</option>\r\n\t\t\t\t\t\t\t<option value=\"사무실\">사무실이사</option>\r\n\t\t\t\t\t\t</select>\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li>\r\n\t\t\t\t\t<span>고객명</span>\r\n\t\t\t\t\t<div class=\"move_Box\">\r\n\t\t\t\t\t\t<input type=\"text\" placeholder=\"고객명\" name=\"t_name\">\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li>\r\n\t\t\t\t<!-- <li>\r\n\t\t\t\t\t<span>연락처</span>\r\n\t\t\t\t\t<div class=\"move_Box\">\r\n\t\t\t\t\t\t<input placeholder=\"번호만 입력해주세요\" maxlength=\"12\" name=\"t_hp\">\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</li> -->\r\n\r\n\t\t\t\t<!-- written by bhh : 2023-09-16 -->\r\n\t\t\t\t<li id=\"simple_hp_area_m\">\r\n\t\t\t\t\t<div class=\"move_Box\">\r\n\t\t\t\t\t\t<input placeholder=\"휴대폰번호 숫자만 입력\" maxlength=\"12\" name=\"t_hp\" id=\"simp_auth_hp_m\">\r\n\t\t\t\t\t</div>\r\n\t\t\t\t\t<button type=\"button\" onclick=\"simpleAuthSend_m()\" style=\"display:inline-block; border:0; background-color:#316acb; font-size:0.8rem; padding:5px 10px; border-radius:3px; color:#fff;\">인증번호 전송</button>\r\n\t\t\t\t</li>\r\n\t\t\t\t<li id=\"simple_auth_area_m\" style=\"display:none; margin-top:5px;\">\r\n\t\t\t\t\t<div class=\"move_Box\">\r\n\t\t\t\t\t\t<span> </span><input placeholder=\"인증번호 입력\" maxlength=\"12\" name=\"simp_auth_num\" id=\"simp_auth_num_m\">\r\n\t\t\t\t\t</div>\r\n\t\t\t\t\t<button type=\"button\" onclick=\"simpleSendAuthNum_m()\" style=\"display:inline-block; border:0; background-color:#ff6600; font-size:0.9rem; padding:5px 15px; border-radius:3px; color:#fff;\">번호 전송하기</button>\r\n\t\t\t\t</li>\r\n\t\t\t</ul>\r\n\r\n\t\t\t<!-- 토글 간편견적 수정_1101 -->\r\n\t\t\t<div class=\"message_box03\">\r\n\t\t\t\t<ul class=\"box03\">\r\n\t\t\t\t\t<li>\r\n\t\t\t\t\t\t<div class=\"checks\">\r\n\t\t\t\t\t\t\t<div class=\"checks etrans\">\r\n\t\t\t\t\t\t\t\t<input type=\"checkbox\" id=\"ex_m_chk0\" onclick=\"selectAll(this)\">\r\n\t\t\t\t\t\t\t\t<label for=\"ex_m_chk0\"></label>\r\n\t\t\t\t\t\t\t\t<p>\r\n\t\t\t\t\t\t\t\t\t<b style=\"color:#000\">전체 동의</b>\r\n\t\t\t\t\t\t\t\t</p>\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li>\r\n\t\t\t\t\t\t<div class=\"checks\">\r\n\t\t\t\t\t\t\t<div class=\"checks etrans\">\r\n\t\t\t\t\t\t\t\t<input type=\"checkbox\" id=\"ex_m_chk2\" name=\"simplyRegPrivacy\" value=\"Y\">\r\n\t\t\t\t\t\t\t\t<label for=\"ex_m_chk2\"></label>\r\n\t\t\t\t\t\t\t\t<p class=\"modalpop_link\" link=\"/new_common/popup/accessterms.html\">\r\n\t\t\t\t\t\t\t\t이용약관\r\n\t\t\t\t\t\t\t\t</p>\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li>\r\n\t\t\t\t\t\t<div class=\"checks\">\r\n\t\t\t\t\t\t\t<div class=\"checks etrans\">\r\n\t\t\t\t\t\t\t\t<input type=\"checkbox\" id=\"ex_m_chk3\" name=\"simplyRegJoint\" value=\"Y\">\r\n\t\t\t\t\t\t\t\t<label for=\"ex_m_chk3\"></label>\r\n\t\t\t\t\t\t\t\t<p class=\"modalpop_link\" link=\"/new_common/popup/personal_data.html\">\r\n\t\t\t\t\t\t\t\t\t개인정보처리방침\r\n\t\t\t\t\t\t\t\t</p>\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t\t<li>\r\n\t\t\t\t\t\t<div class=\"checks\">\r\n\t\t\t\t\t\t\t<div class=\"checks etrans\">\r\n\t\t\t\t\t\t\t\t<input type=\"checkbox\" id=\"ex_m_chk4\" name=\"simplyMarketting\" value=\"Y\">\r\n\t\t\t\t\t\t\t\t<label for=\"ex_m_chk4\"></label>\r\n\t\t\t\t\t\t\t\t<p>\r\n\t\t\t\t\t\t\t\t\t<a class=\"modalpop_link\" link=\"/new_common/popup/personal_3.html\">제3자 제공동의</a> / <a class=\"modalpop_link\" link=\"/new_common/popup/mkt_ok.html\">마케팅 동의</a>\r\n\t\t\t\t\t\t\t\t</p>\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t</li>\r\n\t\t\t\t</ul>\r\n\t\t\t\t<button type=\"button\" class=\"btn_simply simple-reg-btn\"><span class=\"color_yw\">무료견적</span><br />간편신청</button>\r\n\t\t\t</div>\r\n\t\t</form>\r\n\t</div>\r\n</div>\r\n\r\n\r\n<div id=\"feedback_simple\"></div>\r\n\r\n\r\n<!-- written by bhh : 2023-09-16 -->\r\n<script>\r\n\t// 인증했는지 여부\r\n\tlet simpleAuthNumberCheckValue = 'N';\r\n\r\n\t// 휴대폰으로 인증번호 전송\r\n\tconst simpleAuthSend = () => {\r\n\t\tlet simp_auth_hp = document.querySelector(\".simp_auth_hp\").value;\r\n\t\tif (simp_auth_hp == '') {\r\n\t\t\talert('휴대폰 번호를 입력해주세요.');\r\n\t\t\treturn;\r\n\t\t}\r\n\r\n\t\t$.ajax({\r\n\t\t\turl : \"/v2/testPage/auth\"\r\n\t\t\t, method : 'get'\r\n\t\t\t, data : { hp:simp_auth_hp }\r\n\t\t\t, success : function(res){\r\n\t\t\t\t// 성공 했을때\r\n\t\t\t\tlet simple_hp_area = document.querySelector(\".simple_hp_area\");\r\n\t\t\t\tsimple_hp_area.style.display = 'none'; // 휴대폰 영역 안보이게\r\n\r\n\t\t\t\tlet simple_auth_area = document.querySelector(\".simple_auth_area\");\r\n\t\t\t\tsimple_auth_area.style.display = 'block'; // 인증 영역 보이게\r\n\r\n\t\t\t\t$(\"#feedback_simple\").html(res);\r\n\t\t\t}\r\n\t\t});\r\n\t}\r\n\r\n\t// 인증번호 체크\r\n\tconst simpleSendAuthNum = () => {\r\n\t\t// 휴대폰 번호\r\n\t\tlet simp_auth_hp = document.querySelector(\".simp_auth_hp\").value;\r\n\r\n\t\t// 인증번호\r\n\t\tlet simp_auth_num = document.querySelector(\".simp_auth_num\").value;\r\n\t\tif (simp_auth_num == '') {\r\n\t\t\talert('인증번호를 입력해주세요.');\r\n\t\t\treturn;\r\n\t\t}\r\n\r\n\t\t$.ajax({\r\n\t\t\turl : \"/v2/testPage/authChk\"\r\n\t\t\t, method : 'get'\r\n\t\t\t, data : { type:'simple', hp:simp_auth_hp, auth_num:simp_auth_num }\r\n\t\t\t, success : function(res){\r\n\t\t\t\t$(\"#feedback_simple\").html(res);\r\n\t\t\t}\r\n\t\t});\r\n\t}\r\n\r\n\t// 모바일 휴대폰으로 인증번호 전송\r\n\tconst simpleAuthSend_m = () => {\r\n\t\tlet simp_auth_hp = document.querySelector(\"#simp_auth_hp_m\").value;\r\n\t\tif (simp_auth_hp == '') {\r\n\t\t\talert('휴대폰 번호를 입력해주세요.');\r\n\t\t\treturn;\r\n\t\t}\r\n\r\n\t\t$.ajax({\r\n\t\t\turl : \"/v2/testPage/auth\"\r\n\t\t\t, method : 'get'\r\n\t\t\t, data : { hp:simp_auth_hp }\r\n\t\t\t, success : function(res){\r\n\t\t\t\t// 성공 했을때\r\n\t\t\t\tlet simple_hp_area_m = document.querySelector(\"#simple_hp_area_m\");\r\n\t\t\t\tsimple_hp_area_m.style.display = 'none'; // 휴대폰 영역 안보이게\r\n\r\n\t\t\t\tlet simple_auth_area_m = document.querySelector(\"#simple_auth_area_m\");\r\n\t\t\t\tsimple_auth_area_m.style.display = 'block'; // 인증 영역 보이게\r\n\r\n\t\t\t\t$(\"#feedback_simple\").html(res);\r\n\t\t\t}\r\n\t\t});\r\n\t}\r\n\r\n\t// 모바일 인증번호 체크\r\n\tconst simpleSendAuthNum_m = () => {\r\n\t\t// 휴대폰 번호\r\n\t\tlet simp_auth_hp_m = document.querySelector(\"#simp_auth_hp_m\").value;\r\n\r\n\t\t// 인증번호\r\n\t\tlet simp_auth_num_m = document.querySelector(\"#simp_auth_num_m\").value;\r\n\t\tif (simp_auth_num_m == '') {\r\n\t\t\talert('인증번호를 입력해주세요.');\r\n\t\t\treturn;\r\n\t\t}\r\n\r\n\t\t$.ajax({\r\n\t\t\turl : \"/v2/testPage/authChk\"\r\n\t\t\t, method : 'get'\r\n\t\t\t, data : { type:'simple', hp:simp_auth_hp_m, auth_num:simp_auth_num_m }\r\n\t\t\t, success : function(res){\r\n\t\t\t\t$(\"#feedback_simple\").html(res);\r\n\t\t\t}\r\n\t\t});\r\n\t}\r\n</script>\r\n\r\n\r\n\r\n<!-- nface ai pop -->\r\n<link rel=\"stylesheet\" href=\"/community/assets/css/flexgrid.css\">\r\n<link rel=\"stylesheet\" href=\"/community/assets/css/orderpop.css?v=20222225160000\">\r\n\r\n<link rel=\"stylesheet\" href=\"/community/assets/css/orderpopdetail.css?v=20221025133800\">\r\n<style>\r\n.w-100{\r\n width: 100%;\r\n}\r\n.pop-page-step-footer{\r\n display: flex;\r\n justify-content: center;\r\n}\r\n\r\n.pop-page-content-pop-bg{\r\n z-index : 1005;\r\n position: absolute;\r\n background-color: rgb(0 0 0 / 0%);\r\n top: 0;bottom: 0;left: 0;right: 0;\r\n transition: background 500ms;\r\n display:none;\r\n}\r\n.pop-page-content-pop-bg.opened{\r\n background-color: rgb(0 0 0 / 80%);\r\n transition: background-color 800ms;\r\n display:block;\r\n}\r\n.pop-page-content-pop{\r\n max-height: calc( 100% - 44px - var(--navbar-stepper-height) - ( var(--page-step-header-realheight) * 3 ) );\r\n position: absolute;\r\n z-index: 1005;\r\n bottom: 0;\r\n right: 0;\r\n left: 0;\r\n overflow: hidden;\r\n transform: translate3d(0, 2000px, 0);\r\n transition: background-color 800ms\r\n}\r\n.pop-page-content-pop.opened{\r\n transform: translate3d(0, 0, 0);\r\n transition: transform 500ms;\r\n}\r\n\r\n.pop-page-content-pop-head{\r\n background-color: #55acee;\r\n color: white;\r\n margin: 0 10px;\r\n padding: 10px 20px;\r\n border-top-left-radius: 5px;\r\n border-top-right-radius: 5px;\r\n border: 1px solid #406b8b;\r\n display: flex;\r\n justify-content: space-between;\r\n}\r\n\r\n.pop-page-content-pop-head-closebtn i{\r\n font-size: 22px;\r\n color: #f3f3f3;\r\n cursor: pointer;\r\n}\r\n.pop-page-content-pop-body{\r\n max-height: 60vh;\r\n overflow-y: auto;\r\n margin: 0 10px;\r\n background: white;\r\n border-left: 1px solid #406b8b;\r\n border-right: 1px solid #406b8b;\r\n}\r\n.pop-page-content-pop-body-cont{\r\n}\r\n\r\n\r\n.pop-page-options-wrap{\r\n padding: 20px 10px;\r\n}\r\n.pop-page-options-select{\r\n display: flex;\r\n justify-content: end;\r\n margin-bottom: 10px;\r\n color: #666;\r\n}\r\n.pop-page-options-select-item{\r\n margin-right: 8px;\r\n color: #282828;\r\n}\r\n.pop-page-options-list{\r\n -webkit-box-shadow: inset 0 1px 0 0 #c7c7c7, inset 0 -1px 0 0 #c7c7c7;\r\n box-shadow: inset 0 1px 0 0 #c7c7c7, inset 0 -1px 0 0 #c7c7c7;\r\n --pop-page-options-per-row: 1;\r\n display: flex;\r\n flex-wrap: wrap;\r\n width: 100%;\r\n justify-content: flex-end;\r\n}\r\n.pop-page-options-list-item{\r\n --pop-content-list-select-space: 10px;\r\n --pop-content-list-select-space-bottom: 10px;\r\n --f7-touch-ripple-color: rgba(0, 122, 255 , 0.25);\r\n --goods-stepper-height: 28px;\r\n --goods-stepper-border-radius: 5px;\r\n --goods-stepper-color: #666;\r\n --goods-stepper-button-text-color: #666;\r\n --goods-stepper-button-bg-color: #eee;\r\n display: flex;\r\n justify-content: space-between;\r\n padding:15px 20px;\r\n border-bottom: 1px solid rgba(0, 0, 0, 0.05);\r\n width: calc( 100% / var(--pop-page-options-per-row) );\r\n max-width: 400px;\r\n}\r\n.pop-page-options-list .pop-page-options-list-item:last-child{\r\n border-bottom:none;\r\n}\r\n.pop-page-options-list-item-title{\r\n line-height: 28px;\r\n margin-right: 30px;\r\n}\r\n\r\n.pop-page-options-btnwrap{\r\n display: flex;\r\n justify-content: flex-end;\r\n padding-right: 15px;\r\n}\r\n</style>\r\n\r\n<style>\r\n/* loader */\r\n#nfacepoploader,#aipoploader{\r\n position: absolute;\r\n top: 0;\r\n bottom: 0;\r\n left: 0;\r\n right: 0;\r\n background-color: rgb(0 0 0 / 80%);\r\n z-index: 510;\r\n display: none;\r\n}\r\n#nfacepoploader.loading,#aipoploader.loading{\r\n display: block;\r\n}\r\n#nfacepoploader .nfacepoploader-wrapper,\r\n#aipoploader .nfacepoploader-wrapper {\r\n position: absolute;\r\n width: 200px;\r\n height: 2px;\r\n left: 0;\r\n right: 0;\r\n bottom: 0;\r\n top: 0;\r\n margin: auto;\r\n}\r\n.nfacepoploader-loader {\r\n height: 100%;\r\n display: flex;\r\n transform: translateZ(0);\r\n}\r\n.nfacepoploader-loader div {\r\n flex: 1;\r\n background: #0092ff;\r\n -webkit-animation: nfacepoploadergo 0.8s infinite alternate ease;\r\n animation: nfacepoploadergo 0.8s infinite alternate ease;\r\n box-shadow: 0 0 20px #1469a8;\r\n}\r\n.nfacepoploader-loader div:nth-child(1) {\r\n -webkit-animation-delay: -0.72s;\r\n animation-delay: -0.72s;\r\n}\r\n.nfacepoploader-loader div:nth-child(2) {\r\n -webkit-animation-delay: -0.64s;\r\n animation-delay: -0.64s;\r\n}\r\n.nfacepoploader-loader div:nth-child(3) {\r\n -webkit-animation-delay: -0.56s;\r\n animation-delay: -0.56s;\r\n}\r\n.nfacepoploader-loader div:nth-child(4) {\r\n -webkit-animation-delay: -0.48s;\r\n animation-delay: -0.48s;\r\n}\r\n.nfacepoploader-loader div:nth-child(5) {\r\n -webkit-animation-delay: -0.4s;\r\n animation-delay: -0.4s;\r\n}\r\n.nfacepoploader-loader div:nth-child(6) {\r\n -webkit-animation-delay: -0.32s;\r\n animation-delay: -0.32s;\r\n}\r\n.nfacepoploader-loader div:nth-child(7) {\r\n -webkit-animation-delay: -0.24s;\r\n animation-delay: -0.24s;\r\n}\r\n.nfacepoploader-loader div:nth-child(8) {\r\n -webkit-animation-delay: -0.16s;\r\n animation-delay: -0.16s;\r\n}\r\n.nfacepoploader-loader div:nth-child(9) {\r\n -webkit-animation-delay: -0.08s;\r\n animation-delay: -0.08s;\r\n}\r\n.nfacepoploader-loader div:nth-child(10) {\r\n -webkit-animation-delay: 0s;\r\n animation-delay: 0s;\r\n}\r\n\r\n@-webkit-keyframes nfacepoploadergo {\r\n 100% {\r\n background: transparent;\r\n flex: 10;\r\n box-shadow: 0 0 0 transparent;\r\n }\r\n}\r\n\r\n@keyframes nfacepoploadergo {\r\n 100% {\r\n background: transparent;\r\n flex: 10;\r\n box-shadow: 0 0 0 transparent;\r\n }\r\n}\r\n.inpopup-inline-progressbar-wrap{\r\n position: absolute;\r\n bottom:0;left:0;right:0;\r\n height: 3px;\r\n overflow: hidden;\r\n}\r\n.inpopup-inline-progressbar{\r\n width: 100%;\r\n overflow: hidden;\r\n position: relative;\r\n display: block;\r\n transform-style: preserve-3d;\r\n background: rgb(81 147 182 / 35%);\r\n transform-origin: center top;\r\n height: 4px;\r\n border-radius: 4px;\r\n}\r\n.inpopup-inline-progressbar >span{\r\n background-color: #5193b6;\r\n width: 100%;\r\n height: 100%;\r\n position: absolute;\r\n left: 0;\r\n top: 0;\r\n transform: translate3d(-100%,0,0);\r\n transition-duration: 150ms;\r\n border-radius: 4px;\r\n}\r\n</style>\r\n\r\n<div class=\"popup-backdrop\" id=\"popnbackdrop\"></div>\r\n\r\n <div id=\"daumlayer\" style=\"\">\r\n <img src=\"//t1.daumcdn.net/postcode/resource/images/close.png\" id=\"daumbtnCloseLayer\" style=\"\" onclick=\"closeDaumPostcode()\" alt=\"닫기 버튼\">\r\n </div>\r\n\r\n <div class=\"popup modal-in modal-out\" id=\"popnmodal\">\r\n <div class=\"page\">\r\n <div class=\"pop-navbar elevation-1\">\r\n <div class=\"pop-navbar-bg\"></div>\r\n\r\n <div class=\"pop-navbar-inner\">\r\n <div class=\"pop-left\">\r\n <span class=\"link pop-back\" onClick=\"history.back()\"><i class=\"fas fa-chevron-left\"></i></span>\r\n </div>\r\n <div class=\"pop-title\">비대면견적신청</div>\r\n <div class=\"pop-right\">\r\n <span class=\"link pop-close\" onClick=\"closepopnbtn()\">\r\n <i class=\"fas fa-times\"></i>\r\n </span>\r\n </div>\r\n </div>\r\n\r\n <div class=\"pop-navbar-inner pop-navbar-stepper\">\r\n <div class='top-steps-wrap'>\r\n <div class='step-1 top-step-ing' id=\"topstepper_1\" data-step='1' >1</div>\r\n <div class='line-1'></div>\r\n <div class='step-2 ' id=\"topstepper_2\" data-step='2' >2</div>\r\n <div class='line-2'></div>\r\n <div class='step-3' id=\"topstepper_3\" data-step='3' >3</div>\r\n <div class='line-3'></div>\r\n <div class='step-4' id=\"topstepper_4\" data-step='4' >4</div>\r\n <div class='line-5'></div>\r\n <div class='step-6' id=\"topstepper_5\" data-step='5' >5</div>\r\n </div>\r\n </div>\r\n <div class=\"inpopup-inline-progressbar-wrap\">\r\n <div class=\"inpopup-inline-progressbar\">\r\n <span id=\"inpopup-inline-progressbar\"></span>\r\n </div>\r\n </div>\r\n </div>\r\n\r\n\r\n\r\n <div class=\"pop-page-content overflowhidden\">\r\n <form id=\"pop-page-form\">\r\n <input class=\"input jspersist\" type=\"checkbox\" checked style=\"display:none\">\r\n\r\n <div class=\"pop-page-step step1 step-avail-open step-opened step-last-call\" data-step='1' id=\"popn_step_1\" data-url=\"step1\">\r\n <style>\r\n#popnmodal {\r\n --calendar-cell-width : 50px;\r\n --calendar-cell-height : 50px;\r\n}\r\n.movedate-txt-son-wrap{width: 51%; margin: 0 auto;}\r\n\r\n@media screen and (max-width: 768px) {\r\n .movedate-txt-son-wrap{width: 100%}\r\n}\r\n</style>\r\n\r\n\r\n<div class=\"pop-page-step-header\">\r\n <div class=\"pop-page-step-header-inner\">\r\n 이사일 선택\r\n </div>\r\n</div>\r\n<div class=\"pop-page-step-body\">\r\n <!-- 이사 관련 설문 추가 시작 20221005 -->\r\n <div class=\"step-body-section\">\r\n <p class=\"select-moveing-type-head\">이사업체 선정 시 가장 중요하게 생각하시는 요인은 무엇인가요?</p>\r\n <div class=\"nface_step00\">\r\n <label for=\"n_survey_answer_1_1\">\r\n <input type=\"radio\" name=\"survey_answer_1\" id=\"n_survey_answer_1_1\" class=\"n_price_radio\" value=\"가격\">\r\n <p class=\"radio_title\">가격</p>\r\n </label>\r\n <label for=\"n_survey_answer_1_2\">\r\n <input type=\"radio\" name=\"survey_answer_1\" id=\"n_survey_answer_1_2\" class=\"n_price_radio\" value=\"A/S\">\r\n <p class=\"radio_title\">A/S</p>\r\n </label>\r\n <label for=\"n_survey_answer_1_3\">\r\n <input type=\"radio\" name=\"survey_answer_1\" id=\"n_survey_answer_1_3\" class=\"n_price_radio\" value=\"전문성\">\r\n <p class=\"radio_title\">전문성</p>\r\n </label>\r\n </div>\r\n </div>\r\n\t<!-- 이사 관련 설문 추가 끝 20221005 -->\r\n <div class=\"step-body-section\">\r\n <!-- 이사 관련 설문 추가 시작 20221005 -->\r\n <p class=\"select-moveing-type-head\">이사일 선택</p>\r\n <!-- 이사 관련 설문 추가 끝 20221005 -->\r\n <div class=\"pop-content-wrap select-moveing-type\">\r\n <div class=\"\" style=\"position:absolute;top:10px;right:20px;color:white;cursor:pointer;\"><i class=\"far fa-trash-alt\" onClick=\"clearnreload()\" style=\"color:white;\"></i></div>\r\n <div class=\"nface-step-movedate-wrap\">\r\n\r\n <div id=\"nface-step-movedate\"></div>\r\n <input type=\"hidden\" name=\"mdate\" id=\"nface-step-mdate-inp\" value=\"\">\r\n\r\n </div>\r\n\r\n <div class=\"pop-page-step-footer\">\r\n <span class=\"btn btn-secondary\" onclick=\"gotoNextStep()\">다음</span>\r\n </div>\r\n\r\n <div class=\"movedate-txt-son-wrap\">\r\n <div class=\"txt-son-info\"><span></span>표시는 손없는 날입니다</div>\r\n <div class=\"txt-expensive-move-day\"><span class=\"pt_red\">금요일, 월말, 손없는날</span>을 피하시면 저렴하게 이사하실수 있습니다.</div>\r\n </div>\r\n\r\n </div>\r\n </div>\r\n\r\n</div>\r\n\r\n\r\n<script type=\"text/javascript\">\r\nvar nfacedatepicker\r\n $(function () {\r\n var startMovingDate = new Date();\r\n var endMovingDate = new Date();\r\n var numberOfDaysStart = 1;\r\n var numberOfDaysEnd = 200;\r\n startMovingDate.setDate(startMovingDate.getDate() + numberOfDaysStart);\r\n endMovingDate.setDate(startMovingDate.getDate() + numberOfDaysEnd);\r\n\r\n $('#nface-step-movedate').datepicker({\r\n inline: true,\r\n sideBySide: false,\r\n format: \"yyyy-mm-dd\",\r\n language: \"ko\",\r\n startDate: startMovingDate,\r\n endDate:endMovingDate,\r\n todayHighlight: true,\r\n container: '#nface-step-movedate-container',\r\n orientation: \"auto top\",\r\n\r\n beforeShowDay: function(date){\r\n let son = solarToLunar( date.getFullYear() ,date.getMonth()+1, date.getDate(), true);\r\n //console.log ( date.getFullYear() +\"-\"+date.getMonth()+\"-\"+ date.getDate()+\" : \" + solarToLunar( date.getFullYear() ,date.getMonth(), date.getDate() ) )\r\n if( son ) {\r\n return {\r\n tooltip: '손'+ date.getFullYear() +\"-\"+(date.getMonth()+1) +\"-\"+ date.getDate(),\r\n classes: 'son-active'\r\n }\r\n }\r\n },\r\n }).on('changeDate', function(e) {\r\n $(\"#nface-step-mdate-inp\").val( moment(e.date).format('YYYY-MM-DD'))\r\n });\r\n $('#nface-step-modedate').on('dp.change', function(event) { console.log(event.date); });\r\n });\r\n</script>\r\n <input type=\"text\" name=\"null\" style=\"height:0;width:0;border:none;\">\r\n </div>\r\n\r\n <div class=\"pop-page-step step2\" data-step='2' id=\"popn_step_2\" data-url=\"step2\">\r\n <style>\r\n /*.step-radio-labelclass input[type=\"radio\"]:checked+.step-radio-label {\r\n background-color: #00beff !important;\r\n }*/\r\n\r\n</style>\r\n\r\n\r\n<div class=\"pop-page-step-header\">\r\n <div class=\"pop-page-step-header-inner\">\r\n 이사종류\r\n </div>\r\n</div>\r\n<div class=\"pop-page-step-body\">\r\n <div class=\"step-body-section\">\r\n\r\n <div class=\"pop-content-wrap select-moveing-type\">\r\n <div class=\"select-moveing-type-wrap\">\r\n <div class=\"select-moveing-type-head\">\r\n <span>이사종류</span>\r\n </div>\r\n\r\n\r\n <div class=\"select-moveing-type-body\">\r\n <div class=\"select-moveing-type-body-inner flex-row flex-direction-column\">\r\n\r\n <div class=\"flex-row w-100 select-moveing-type-items select-moving-type-first\">\r\n <div class=\" flex-col select-moveing-type-item\">\r\n\r\n <label class=\"step-radio-labelclass\">\r\n <input type=\"radio\" class=\"step-radio select-moveing-radio\" name=\"movingtype\" value=\"small\" onchange=\"nfacestep3showing()\" checked=\"checked\">\r\n <div class=\"step-radio-label\">\r\n <div class=\"step-radio-label-text\">\r\n <div class=\"step-radio-label-text-item\">소형이사</div>\r\n <div class=\"step-radio-label-text-item label-text-item-detail\">(예 : 원룸 )</div>\r\n </div>\r\n\r\n <span class=\"step-radio-label-check\"><i class=\"fas fa-house-user\"></i></span>\r\n </div>\r\n </label>\r\n\r\n </div>\r\n <div class=\" flex-col select-moveing-type-item\">\r\n<!--\r\n <label class=\"step-radio-labelclass\">\r\n <input type=\"radio\" class=\"step-radio select-moveing-radio\" name=\"movingtype\" value=\"home\" onChange=\"nfacestep3showing()\">\r\n <div class=\"step-radio-label\">\r\n <div class=\"step-radio-label-text\">\r\n <div class=\"step-radio-label-text-item\">가정이사</div>\r\n <div class=\"step-radio-label-text-item label-text-item-detail\">(예 : 아파트 )</div>\r\n </div>\r\n\r\n\r\n <span class=\"step-radio-label-check\"><i class=\"fas fa-home\"></i></span>\r\n </div>\r\n </label>\r\n-->\r\n </div>\r\n <div class=\" flex-col select-moveing-type-item\">\r\n<!--\r\n <label class=\"step-radio-labelclass\">\r\n <input type=\"radio\" class=\"step-radio select-moveing-radio\" name=\"movingtype\" value=\"office\" onChange=\"nfacestep3showing()\">\r\n <div class=\"step-radio-label\">\r\n <div class=\"step-radio-label-text\">\r\n <div class=\"step-radio-label-text-item\">사무실이사</div>\r\n <div class=\"step-radio-label-text-item label-text-item-detail\">(예 : 오피스텔,공장 )</div>\r\n </div>\r\n\r\n\r\n <span class=\"step-radio-label-check\"><i class=\"fas fa-building\"></i></span>\r\n </div>\r\n </label>\r\n-->\r\n </div>\r\n </div>\r\n\r\n <div class=\"flex-row w-100 select-moveing-type-items select-moving-type-second\">\r\n <div class=\"flex-col select-moveing-type-item\">\r\n\r\n <label class=\"step-radio-labelclass\">\r\n <input type=\"radio\" class=\"step-radio select-moveing-radio\" name=\"movingmethod\" value=\"packaging\">\r\n <div class=\"step-radio-label-step\">\r\n <div class=\"step-radio-label-text\">\r\n <div class=\"step-radio-label-text-item\">포장이사</div>\r\n </div>\r\n <span class=\"step-radio-label-check\"><i class=\"fas fa-check\"></i></span>\r\n </div>\r\n </label>\r\n </div>\r\n <div class=\"flex-col select-moveing-type-item\">\r\n <label class=\"step-radio-labelclass\">\r\n <input type=\"radio\" class=\"step-radio select-moveing-radio\" name=\"movingmethod\" value=\"half-packaging\">\r\n <div class=\"step-radio-label-step\">\r\n <div class=\"step-radio-label-text\">\r\n <div class=\"step-radio-label-text-item\">반포장이사</div>\r\n </div>\r\n <span class=\"step-radio-label-check\"><i class=\"fas fa-check\"></i></span>\r\n </div>\r\n </label>\r\n </div>\r\n <div class=\"flex-col select-moveing-type-item\">\r\n <label class=\"step-radio-labelclass\">\r\n <input type=\"radio\" class=\"step-radio select-moveing-radio\" name=\"movingmethod\" value=\"carrying\">\r\n <div class=\"step-radio-label-step\">\r\n <div class=\"step-radio-label-text\">\r\n <div class=\"step-radio-label-text-item\">일반이사</div>\r\n <div class=\"step-radio-label-text-item label-text-item-detail\">(운반만)</div>\r\n </div>\r\n <span class=\"step-radio-label-check\"><i class=\"fas fa-check\"></i></span>\r\n </div>\r\n </label>\r\n </div>\r\n </div>\r\n\r\n </div>\r\n\r\n </div>\r\n\r\n <div class=\"select-moveing-type-body-sub\">\r\n\r\n <div class=\"step-onoff-wrap\">\r\n <div class=\"input-toggle-wrap\">\r\n <div class=\"input-toggle-line\">무거운 짐(가전,가구 등)을 함께 옮겨 주실수 있나요?</div>\r\n <div class=\"togglebutton texttoggle\">\r\n <label>\r\n <input type=\"checkbox\" name=\"s_help_no\" checked=\"\" data-to=\"s_help_no\">\r\n <span class=\"toggle\">\r\n <span class=\"toggle-avail-label\" data-off=\"NO\" data-on=\"YES\"></span>\r\n </span>\r\n </label>\r\n </div>\r\n\r\n </div>\r\n </div>\r\n\r\n </div>\r\n\r\n </div>\r\n\r\n </div>\r\n </div>\r\n <!-- / 이사종류 -->\r\n\r\n <div class=\"step-body-section\">\r\n <div class=\"pop-content-wrap select-moveing-type\">\r\n <div class=\"select-moveing-type-wrap\">\r\n <div class=\"select-moveing-type-head\">\r\n <span>이삿짐 확인</span>\r\n </div>\r\n <div class=\"select-moveing-type-body\">\r\n\r\n <div class=\"select-moveing-type-body-inner flex-row justify-content-center\">\r\n\r\n <div class=\"col-50 select-moveing-type-items select-moving-goods select-moving-goods-first\">\r\n <div class=\"select-moveing-type-item\">\r\n <label class=\"step-radio-labelclass\">\r\n <!-- 짐량확인은 picture or list -->\r\n <input type=\"radio\" class=\"step-radio select-moveing-radio\" name=\"moving-goods-method\" value=\"list\" onChange=\"changeNfaceGoodsMethod()\">\r\n <div class=\"step-radio-label-step\">\r\n <div class=\"step-radio-label-text\">\r\n <div class=\"step-radio-label-text-item\">리스트로</div>\r\n <div class=\"step-radio-label-text-item\">짐량확인</div>\r\n </div>\r\n <span class=\"step-radio-label-check\"><i class=\"fas fa-check\"></i></span>\r\n </div>\r\n </label>\r\n </div>\r\n </div>\r\n\r\n <div class=\"col-50 select-moveing-type-items select-moving-goods select-moving-goods-second\">\r\n <div class=\"select-moveing-type-item\">\r\n <label class=\"step-radio-labelclass\">\r\n <!-- 짐량확인은 picture or list -->\r\n <input type=\"radio\" class=\"step-radio select-moveing-radio\" name=\"moving-goods-method\" value=\"picture\" onChange=\"changeNfaceGoodsMethod()\">\r\n <div class=\"step-radio-label-step\">\r\n <div class=\"step-radio-label-text\">\r\n <div class=\"step-radio-label-text-item\">사진으로</div>\r\n <div class=\"step-radio-label-text-item\">짐량확인</div>\r\n </div>\r\n\r\n <span class=\"step-radio-label-check\"><i class=\"fas fa-check\"></i></span>\r\n </div>\r\n <!--<span class=\"circle\">\r\n <span class=\"check\"></span>\r\n </span>-->\r\n </label>\r\n </div>\r\n </div>\r\n\r\n </div>\r\n\r\n </div>\r\n </div>\r\n </div>\r\n </div>\r\n\r\n <div class=\"pop-page-step-footer\">\r\n <span class=\"btn btn-secondary\" onclick=\"gotoNextStep()\">다음</span>\r\n </div>\r\n\r\n</div>\r\n<script>\r\n /*\r\n changeNfaceGoodsMethod : stpep4에 있음\r\n*/\r\n function nfacestep3showing() {\r\n var movingtype = $(\"input[name=movingtype]:checked\").val()\r\n if (movingtype == 'small') {\r\n $(\".select-moveing-type-body-sub\").show();\r\n $(\".select-moving-goods\").show();\r\n } else if (movingtype == 'office') {\r\n $(\".select-moveing-type-body-sub\").hide();\r\n $(\".select-moving-goods\").show();\r\n } else if (movingtype == 'home') {\r\n $(\".select-moveing-type-body-sub\").hide();\r\n $(\".select-moving-goods-first\").hide();\r\n $(\".select-moving-goods-second\").show();\r\n if ($(\"input:radio[name ='moving-goods-method']:checked\").val() != 'picture') {\r\n $(\"input:radio[name ='moving-goods-method']:input[value='picture']\").prop(\"checked\", true);\r\n changeNfaceGoodsMethod()\r\n }\r\n }\r\n }\r\n\r\n $(\"document\").ready(function() {\r\n $(\"body\").on(\"stepPopOpended\", function() {\r\n nfacestep3showing();\r\n changeNfaceGoodsMethod();\r\n })\r\n })\r\n\r\n</script>\r\n <input type=\"text\" name=\"null\" style=\"height:0;width:0;border:none;\">\r\n </div>\r\n <div class=\"pop-page-step step3\" data-step='3' id=\"popn_step_3\" data-url=\"step3\">\r\n <div class=\"pop-page-step-header\">\r\n <div class=\"pop-page-step-header-inner\">\r\n 짐량확인\r\n </div>\r\n</div>\r\n<div class=\"pop-page-step-body\">\r\n <div class=\"step-body-section\">\r\n <div class=\"pop-content-wrap nfaceOrd",
"body_murmur": 830658430,
"body_sha256": "d8aa71d656da947efc87a428c87d8db33bb41d26e3fde38a2973d0059e788f4a",
"component": [
"CentOS",
"Bootstrap:3",
"Google Tag Manager",
"Apache HTTP Server:2.2.15"
],
"content_length": -1,
"favicon": {
"md5_hash": "d91077eaf11fc0ca0764dc5698cf8617",
"murmur_hash": -285021565,
"path": "https://175.123.253.67:443/modoo24.ico",
"size": 4480
},
"headers": {
"access_control_allow_origin": [
"*"
],
"cache_control": [
"no-cache, private"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Sat, 28 Jun 2025 11:20:42 GMT"
],
"server": [
"Apache/2.2.15 (CentOS)"
],
"set_cookie": [
"XSRF-TOKEN=eyJpdiI6IlJTSHJPWU9nWjFrYStcLzgwSFpFRkh3PT0iLCJ2YWx1ZSI6ImNYZFZ0c1JtekllNXFVNGNMYXlkRDFLM3ZveWdXMFhleGR0SHlNU1pacEphTmt0WWRiKzVhVEhJS3BaN0VDWU1hK1o1VTN0VTBEblVWQmpnbjlHYlF3PT0iLCJtYWMiOiJiMjRiYjdmNGRjZDI1NDU3OWY5YjI5OTc1ZDcyNjI2YzJhYWM0ZDEzZDBhNzU0YzI2YTRkYmI3N2I4M2IzMGQzIn0%3D; expires=Sun, 28-Jun-2026 11:20:42 GMT; Max-Age=31536000; path=/",
"md24_session=eyJpdiI6Ijk4NzdYdDdwaXZWZTR4dEVveGp3d2c9PSIsInZhbHVlIjoiMXRDSVBzVEtZY2Z6NkN4MWJTd1gzS3Z2UUxFU095UXBNOTFvRWZHWU0yU2l3cVJtK1UrZkJIU0xiVEhMNk1ldTFjQ0NEelBGZWNVcmNzVzNVWUl2VHc9PSIsIm1hYyI6ImJkOTEyMmYwNTJhZjFiZTM0YmNhOGIxMWE1MjZlZDU0NzY5MTk1NWVkMTQyMDgzZDFkZmFmNzI4ZDc5MWQzZTUifQ%3D%3D; expires=Sun, 28-Jun-2026 11:20:42 GMT; Max-Age=31536000; path=/"
],
"x_powered_by": [
"PHP/5.6.40"
]
},
"protocol": "HTTP/1.1",
"redirects": [
{
"headers": {
"access_control_allow_origin": [
"*"
],
"content_length": [
"0"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Sat, 28 Jun 2025 11:20:41 GMT"
],
"location": [
"/v2/"
],
"server": [
"Apache/2.2.15 (CentOS)"
],
"x_powered_by": [
"PHP/5.6.40"
]
},
"location": "/v2/",
"protocol": "HTTP/1.1",
"status_code": 302,
"status_line": "302 Found"
}
],
"request": {
"headers": {
"accept": [
"*/*"
],
"referer": [
"https://175.123.253.67"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "175.123.253.67",
"path": "/v2/",
"scheme": "https"
}
},
"status_code": 200,
"title": "모두이사",
"transfer_encoding": [
"chunked"
]
},
"tls": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt"
],
"ocsp_urls": [
"http://ocsp.sectigo.com"
]
},
"authority_key_id": "8d8c5ec454ad8ae177e99bf99b05e1b8018d61e1",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"cps": [
"https://sectigo.com/CPS"
],
"id": "1.3.6.1.4.1.6449.1.2.2.7"
},
{
"id": "2.23.140.1.2.1"
}
],
"ct_precert_scts": "Signed Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:\n E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6\n Timestamp : Apr 2 02:52:18.051 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:21:00:BA:09:E5:6E:74:A8:76:FB:CD:0A:46:\n 6B:3D:32:D0:D2:DE:D1:4B:50:2A:5C:41:80:2B:E6:D9:\n 1F:F0:A6:F7:7D:02:20:6E:13:EC:53:40:15:00:8E:EF:\n D8:80:EA:10:9F:FA:63:85:34:6B:BD:88:9C:21:0E:D8:\n E9:92:55:57:1F:28:E4\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 19:86:D4:C7:28:AA:6F:FE:BA:03:6F:78:2A:4D:01:91:\n AA:CE:2D:72:31:0F:AE:CE:5D:70:41:2D:25:4C:C7:D4\n Timestamp : Apr 2 02:52:17.995 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:46:02:21:00:8E:04:6C:9F:38:A1:3B:3A:22:36:23:\n 81:2F:D8:31:E0:3B:3F:28:BA:20:0F:BC:6E:E2:F8:F1:\n BA:B9:53:02:21:02:21:00:D1:13:80:CC:96:25:3F:77:\n 3B:97:74:B6:FE:F0:FC:0D:DF:A9:52:0B:3A:1B:65:FF:\n 2D:3F:62:8F:9F:A4:8D:CD\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:\n DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21\n Timestamp : Apr 2 02:52:17.959 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:20:44:A6:98:F0:77:C0:9F:22:59:93:2C:14:\n EE:8C:86:95:89:29:48:1E:48:D8:45:56:52:7E:42:C4:\n 39:1F:73:71:02:21:00:F3:57:5F:A2:7E:5C:FB:DF:D5:\n 02:E5:CD:04:A9:7E:CB:5B:96:EA:34:3E:65:76:12:D0:\n E7:33:F5:B0:E6:5E:64",
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": true,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"modoo24.net",
"www.modoo24.net"
]
},
"subject_key_id": "2b2acc3640ec98a3e25777a6af53cb0bef6a0425"
},
"fingerprint_md5": "79809B4891DD9111AC6C232AFCDA5063",
"fingerprint_sha1": "1A2CC9CB6868AF58871EE3D4B26BD9F41A7A16F7",
"fingerprint_sha256": "216A368E4CF2D39F9CF5FFF3529E68AB07F559DF9E4417138278026A00C69A36",
"issuer": {
"common_name": [
"Sectigo RSA Domain Validation Secure Server CA"
],
"country": [
"GB"
],
"locality": [
"Salford"
],
"organization": [
"Sectigo Limited"
],
"province": [
"Greater Manchester"
]
},
"issuer_dn": "/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA",
"jarm": "05d02d20d21d20d05c05d02d05d20d74fcf6501ae7a92319e575bfafd2a827",
"redacted": false,
"revocation": {
"ocsp": {
"next_update": "2025-07-03T07:29:34",
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "314169151514342655030377767224071965921",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": false,
"value": "YjBlM2UwODYxNTQxMTQ1NjY0MzUzMzNjYjUwN2I3YWQyNDk2MTQxYjFkZTMyMzU4NjhhMmY1YjJiNTE3ZDBhOTY2MDk3Yzc4OTNiYzM5NWRlZmExNjliZjUzZmNkZmQxNjNiN2Y5ZDFjZjg3YWMxOTg5ZDVmZDg4MmRmMThkMzBlNzQxZGY2MjdmMDAyZDFiMmQzZGU4OWM0NDg3ZWU4ZDA2MDU5MTRkZjQ2MDY4MDYyODJlYzZhZTRmNDc4OWMzMzJiYzNiNDhhZThkOGExNGY0YmMwZWIwYTI1Y2ZkNTk3MDk0YjNhZWQzZDg2YmQxNTRiYjVhYTc0MDIwYmM2N2E0NWE5MThkNTU2NGNiYzRhOWI4YjhkNmQ1MDY1OWE5ZmVkNDVkMjljOTI1ODVjN2ZiYTBmMWIwYmMwNTQxNGJmODBjOGNlYjc1NzhjODExZGY4YzM2NDVkODBiNTQyMGRiZmI2ZTBhMjRlZGZhYmJhMzE4ZGUzZmM3Y2FjYTQ5OGFmOTY3MzYwZTRlMDQ5OThkNzk0YjU1MWNiMzQ5Y2Q0ZTM1ZWY2MTZjNzExYTM5NjhmZmRkYzhmMmVmNWJlOGU0ZTY0ZmEzYmMyMjM4ODMwZTBkZTNlMzNjZDQ1NzU0NDc3YjNmMjEyODhiMGQzZWM4MjhhNzhlZGQ0MDEzM2I="
},
"signed_certificate_timestamps": [
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "969764bf555897adf743876837084277e9f03ad5f6a4f3366e46a43f0fcaa9c6",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "3045022100ba09e56e74a876fbcd0a466b3d32d0d2ded14b502a5c41802be6d91ff0a6f77d02206e13ec534015008eefd880ea109ffa6385346bbd889c210ed8e99255571f28e4"
},
"timestamp": "2025-04-02T02:52:18.051000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "1986d4c728aa6ffeba036f782a4d0191aace2d72310faece5d70412d254cc7d4",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "30460221008e046c9f38a13b3a223623812fd831e03b3f28ba200fbc6ee2f8f1bab9530221022100d11380cc96253f773b9774b6fef0fc0ddfa9520b3a1b65ff2d3f628f9fa48dcd"
},
"timestamp": "2025-04-02T02:52:17.995000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "0e5794bcf3aea93e331b2c9907b3f790df9bc23d713225dd21a925ac61c54e21",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "3045022044a698f077c09f2259932c14ee8c86958929481e48d84556527e42c4391f7371022100f3575fa27e5cfbdfd502e5cd04a97ecb5b96ea343e657612d0e733f5b0e65e64"
},
"timestamp": "2025-04-02T02:52:17.959000",
"version": "v1"
}
],
"signed_certificate_timestamps_oid": "1.3.6.1.4.1.11129.2.4.2",
"subject": {
"common_name": [
"modoo24.net"
]
},
"subject_alt_name": {
"dns_names": [
"modoo24.net",
"www.modoo24.net"
],
"extended_dns_names": [
{
"domain": "modoo24",
"fld": "modoo24.net",
"tld": "net"
},
{
"domain": "modoo24",
"fld": "modoo24.net",
"subdomain": "www",
"tld": "net"
}
]
},
"subject_dn": "/CN=modoo24.net",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "d4a6d09b34c23e501553b320104c20bd74ba17bca9c947d3a5f6d698e15a5569",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHg4OWRkNjE2MmNiNWRmNGRkNDQyZTkwMzUwZThmNDM5YmM5MTgzZDk5YmZkZDFjMzQwM2IzZWRjZjhlOWJkYzRiZGM3MzdiNDA5OGQyZmI4NmJjNjAzOWNiM2E5MjcxMmQzN2FlZjI4M2E4ZWY5NDE5NmJhZmQyNjIzZWM4NzE1ZTFlMzgzZWNlNmRmZWE2NzM5YzY3NjJlOTU0YzdlOWZiZGE0MjZlNTMxZDYzYzg5ZTA1ZGQyYWVkZTFjODJhOTc2NDYyNDUxMDk4MWFhNTQ3ZmU2NjgyNzNhOThkNDUxZGU3N2VjZWEyNGNiNTQzNmRhMzcxNzEyYWRlODJhYmFhMTdhN2VjMTRiNWJlODI1NWNkOTFkZTAzOTc5ZWM3NjkzMjhlOTk3MjFmNGNkZDhhZjg4YTdkZjlhZjJkYmU2Zjk0YjA5YTUyYzkwNzBlY2E1NTMwNzg4OTFhNTUzZmQwYmRiOTlkZWU1MmE2YjUwN2NiNDExZDc2NzMyNGI4NmJmYmZmMTkxM2U0Yzg0NzM3NTZiMmM1MGZjNWIxYzkxNTFlODljOGFjYTAwMWE5NGIwYWNiNzhlNjMyNTRjOWY1MzljYzRjOWU5MjcyODllNjE1MjgyYjFjMzdkYzA0MTVhMzRiZGYwZGZlNDE2NmNjZGI5NGI2NTkxNTJmYmMxZg=="
}
},
"tbs_fingerprint": "2d856821ebb437d6dda1438ca28558b4dff3a110470eaa93c026dd2265df81d7",
"tbs_noct_fingerprint": "134a389df0f19fa8e3574ed991b794d77312c992f38d6154228f07c1fb164fd3",
"validation_level": "DV",
"validity": {
"length_seconds": 34300800,
"not_after": "2026-05-03T23:59:59",
"not_before": "2025-04-02T00:00:00"
},
"version": 2
},
"fingerprint_sha256": "216A368E4CF2D39F9CF5FFF3529E68AB07F559DF9E4417138278026A00C69A36",
"precert": false,
"raw": "MIIGMjCCBRqgAwIBAgIRAOxaxxQZEutnPNznwM2wTOEwDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UEAxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0yNTA0MDIwMDAwMDBaFw0yNjA1MDMyMzU5NTlaMBYxFDASBgNVBAMTC21vZG9vMjQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAid1hYstd9N1ELpA1Do9Dm8kYPZm/3Rw0A7Ptz46b3Evcc3tAmNL7hrxgOcs6knEtN67yg6jvlBlrr9JiPshxXh44Ps5t/qZznGdi6VTH6fvaQm5THWPIngXdKu3hyCqXZGJFEJgapUf+ZoJzqY1FHed+zqJMtUNto3FxKt6Cq6oXp+wUtb6CVc2R3gOXnsdpMo6Zch9M3Yr4in35ry2+b5SwmlLJBw7KVTB4iRpVP9C9uZ3uUqa1B8tBHXZzJLhr+/8ZE+TIRzdWssUPxbHJFR6JyKygAalLCst45jJUyfU5zEyeknKJ5hUoKxw33AQVo0vfDf5BZszblLZZFS+8HwIDAQABo4IC/zCCAvswHwYDVR0jBBgwFoAUjYxexFStiuF36Zv5mwXhuAGNYeEwHQYDVR0OBBYEFCsqzDZA7Jij4ld3pq9TywvvagQlMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAnBgNVHREEIDAeggttb2RvbzI0Lm5ldIIPd3d3Lm1vZG9vMjQubmV0MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgCWl2S/VViXrfdDh2g3CEJ36fA61fak8zZuRqQ/D8qpxgAAAZX0ae8DAAAEAwBHMEUCIQC6CeVudKh2+80KRms9MtDS3tFLUCpcQYAr5tkf8Kb3fQIgbhPsU0AVAI7v2IDqEJ/6Y4U0a72InCEO2OmSVVcfKOQAdwAZhtTHKKpv/roDb3gqTQGRqs4tcjEPrs5dcEEtJUzH1AAAAZX0ae7LAAAEAwBIMEYCIQCOBGyfOKE7OiI2I4Ev2DHgOz8ouiAPvG7i+PG6uVMCIQIhANETgMyWJT93O5d0tv7w/A3fqVILOhtl/y0/Yo+fpI3NAHYADleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHFTiEAAAGV9GnupwAABAMARzBFAiBEppjwd8CfIlmTLBTujIaViSlIHkjYRVZSfkLEOR9zcQIhAPNXX6J+XPvf1QLlzQSpfstbluo0PmV2EtDnM/Ww5l5kMA0GCSqGSIb3DQEBCwUAA4IBAQCw4+CGFUEUVmQ1Mzy1B7etJJYUGx3jI1hoovWytRfQqWYJfHiTvDld76Fpv1P839Fjt/nRz4esGYnV/Ygt8Y0w50HfYn8ALRstPeicRIfujQYFkU30YGgGKC7Grk9HicMyvDtIro2KFPS8DrCiXP1ZcJSzrtPYa9FUu1qnQCC8Z6RakY1VZMvEqbi41tUGWan+1F0pySWFx/ug8bC8BUFL+AyM63V4yBHfjDZF2AtUINv7bgok7fq7oxjeP8fKykmK+Wc2Dk4EmY15S1Ucs0nNTjXvYWxxGjlo/93I8u9b6OTmT6O8IjiDDg3j4zzUV1RHez8hKIsNPsgop47dQBM7",
"tags": [
"dv",
"trusted"
]
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2008-0455",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2009-3560",
"score": 5,
"severity": "medium"
}
],
"url": "https://175.123.253.67/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-28T13:42:09.633Z"
},
{
"port": 5000,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "thttpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:acme:thttpd",
"part": "a",
"vendor": "acme",
"product": "thttpd",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<HTML>\n<HEAD><TITLE>403 Forbidden</TITLE></HEAD>\n<BODY BGCOLOR=\"#cc9999\" TEXT=\"#000000\" LINK=\"#2020ff\" VLINK=\"#4040cc\">\n<H2>403 Forbidden</H2>\nThe requested URL '/' is a directory, and directory indexing is disabled on this server.\n<HR>\n<ADDRESS><A HREF=\"http://www.acme.com/software/thttpd/\">thttpd</A></ADDRESS>\n</BODY>\n</HTML>\n",
"body_murmur": -558043929,
"body_sha256": "f1bcb3a9178d9dd5d9448e0c85dab3d82d6e274c5593561880db8403aa92a78b",
"component": [
"thttpd"
],
"content_length": -1,
"headers": {
"accept_ranges": [
"bytes"
],
"cache_control": [
"no-cache,no-store"
],
"content_type": [
"text/html; charset=iso-8859-1"
],
"date": [
"Wed, 25 Jun 2025 20:51:32 GMT"
],
"last_modified": [
"Wed, 25 Jun 2025 20:51:32 GMT"
],
"server": [
"thttpd"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "175.123.253.67:5000",
"path": "",
"scheme": "http"
}
},
"status_code": 403,
"title": "403 Forbidden"
}
},
"url": "http://175.123.253.67:5000/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-25T20:51:33.196Z"
},
{
"port": 8086,
"protocol": "tcp",
"name": "http",
"version": "2.2.15",
"product": "Apache httpd",
"extra_info": "(CentOS)",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.2.15",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.2\\.15",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n\t<head>\n\t\t<title>Apache HTTP Server Test Page powered by CentOS</title>\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n\t\t<style type=\"text/css\">\n\t\t\tbody {\n\t\t\t\tbackground-color: #fff;\n\t\t\t\tcolor: #000;\n\t\t\t\tfont-size: 0.9em;\n\t\t\t\tfont-family: sans-serif,helvetica;\n\t\t\t\tmargin: 0;\n\t\t\t\tpadding: 0;\n\t\t\t}\n\t\t\t:link {\n\t\t\t\tcolor: #0000FF;\n\t\t\t}\n\t\t\t:visited {\n\t\t\t\tcolor: #0000FF;\n\t\t\t}\n\t\t\ta:hover {\n\t\t\t\tcolor: #3399FF;\n\t\t\t}\n\t\t\th1 {\n\t\t\t\ttext-align: center;\n\t\t\t\tmargin: 0;\n\t\t\t\tpadding: 0.6em 2em 0.4em;\n\t\t\t\tbackground-color: #3399FF;\n\t\t\t\tcolor: #ffffff;\n\t\t\t\tfont-weight: normal;\n\t\t\t\tfont-size: 1.75em;\n\t\t\t\tborder-bottom: 2px solid #000;\n\t\t\t}\n\t\t\th1 strong {\n\t\t\t\tfont-weight: bold;\n\t\t\t}\n\t\t\th2 {\n\t\t\t\tfont-size: 1.1em;\n\t\t\t\tfont-weight: bold;\n\t\t\t}\n\t\t\t.content {\n\t\t\t\tpadding: 1em 5em;\n\t\t\t}\n\t\t\t.content-columns {\n\t\t\t\t/* Setting relative positioning allows for \n\t\t\t\tabsolute positioning for sub-classes */\n\t\t\t\tposition: relative;\n\t\t\t\tpadding-top: 1em;\n\t\t\t}\n\t\t\t.content-column-left {\n\t\t\t\t/* Value for IE/Win; will be overwritten for other browsers */\n\t\t\t\twidth: 47%;\n\t\t\t\tpadding-right: 3%;\n\t\t\t\tfloat: left;\n\t\t\t\tpadding-bottom: 2em;\n\t\t\t}\n\t\t\t.content-column-right {\n\t\t\t\t/* Values for IE/Win; will be overwritten for other browsers */\n\t\t\t\twidth: 47%;\n\t\t\t\tpadding-left: 3%;\n\t\t\t\tfloat: left;\n\t\t\t\tpadding-bottom: 2em;\n\t\t\t}\n\t\t\t.content-columns>.content-column-left, .content-columns>.content-column-right {\n\t\t\t\t/* Non-IE/Win */\n\t\t\t}\n\t\t\timg {\n\t\t\t\tborder: 2px solid #fff;\n\t\t\t\tpadding: 2px;\n\t\t\t\tmargin: 2px;\n\t\t\t}\n\t\t\ta:hover img {\n\t\t\t\tborder: 2px solid #3399FF;\n\t\t\t}\n\t\t</style>\n\t</head>\n\n\t<body>\n\t<h1>Apache 2 Test Page<br><font size=\"-1\"><strong>powered by</font> CentOS</strong></h1>\n\n\t\t<div class=\"content\">\n\t\t\t<div class=\"content-middle\">\n\t\t\t\t<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that the Apache HTTP server installed at this site is working properly.</p>\n\t\t\t</div>\n<hr />\n\t\t\t<div class=\"content-columns\">\n\t\t\t\t<div class=\"content-column-left\">\n\t\t\t\t\t<h2>If you are a member of the general public:</h2>\n\n\t\t\t\t\t<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems or is undergoing routine maintenance.</p>\n\n\t\t\t\t\t<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name \"webmaster\" and directed to the website's domain should reach the appropriate person.</p>\n\n\t\t\t\t\t<p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to \"[email protected]\".</p>\n\t\t\t\t</div>\n\n\t\t\t\t<div class=\"content-column-right\">\n\t\t\t\t\t<h2>If you are the website administrator:</h2>\n\n\t\t\t\t\t<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>\n\n\t\t\t\t\t\t<p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>\n\n\t\t\t\t\t\t<p><a href=\"http://httpd.apache.org/\"><img src=\"/icons/apache_pb.gif\" alt=\"[ Powered by Apache ]\"/></a> <a href=\"http://www.centos.org/\"><img src=\"/icons/poweredby.png\" alt=\"[ Powered by CentOS Linux ]\" width=\"88\" height=\"31\" /></a></p>\n\t\t\t\t</div>\n\t\t\t</div>\n </div>\n <div class=\"content\">\n<div class=\"content-middle\"><h2>About CentOS:</h2><b>The Community ENTerprise Operating System</b> (CentOS) Linux is a community-supported enterprise distribution derived from sources freely provided to the public by Red Hat. As such, CentOS Linux aims to be functionally compatible with Red Hat Enterprise Linux. The CentOS Project is the organization that builds CentOS. We mainly change packages to remove upstream vendor branding and artwork.</p> <p>For information on CentOS please visit the <a href=\"http://www.centos.org/\">CentOS website</a>.</p>\n<p><h2>Note:</h2><p>CentOS is an Operating System and it is used to power this website; however, the webserver is owned by the domain owner and not the CentOS Project. <b>If you have issues with the content of this site, contact the owner of the domain, not the CentOS Project.</b> <p>Unless this server is on the <b>centos.org</b> domain, the CentOS Project doesn't have anything to do with the content on this webserver or any e-mails that directed you to this site.</p> <p>For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:</p> <p><a href=\"http://www.internic.net/whois.html\">http://www.internic.net/whois.html</a></p>\n </div>\n\t\t</div>\n</body>\n</html>\n",
"body_murmur": -1123910839,
"body_sha256": "29a8b2a2dbac349f919923d25af4f9162bc58c29b2daac41a56f5b25ba24276d",
"component": [
"Apache HTTP Server:2.2.15",
"CentOS"
],
"content_length": 4961,
"headers": {
"content_length": [
"4961"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Thu, 26 Jun 2025 07:20:45 GMT"
],
"server": [
"Apache/2.2.15 (CentOS)"
],
"x_powered_by": [
"PHP/5.6.40"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "175.123.253.67:8086",
"path": "",
"scheme": "http"
}
},
"status_code": 403,
"title": "Apache HTTP Server Test Page powered by CentOS"
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2008-0455",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2009-3560",
"score": 5,
"severity": "medium"
}
],
"url": "http://175.123.253.67:8086/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-26T07:20:45.35Z"
},
{
"port": 8087,
"protocol": "tcp",
"name": "http",
"version": "2.2.15",
"product": "Apache httpd",
"extra_info": "(CentOS)",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.2.15",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.2\\.15",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": " \r\n<!doctype html>\r\n<html>\r\n<head>\r\n\t<meta charset=\"utf-8\">\r\n\t<meta name=\"viewport\" content=\"width=device-width,minimum-scale=0,maximum-scale=10,user-scalable=no\">\r\n\t<meta property=\"og:title\" content=\"행복을나르는사람들\"/>\r\n\t<meta property=\"og:site_name\" content=\"행복을나르는사람들\"/>\r\n\t<meta property=\"og:type\" content=\"website\"/>\r\n\t<meta property=\"og:url\" content=\"http://modoo24.net\"/>\r\n\t<meta property=\"og:description\" content=\"이사할땐 행복을나르는사람들\"/>\r\n\t<meta name=\"format-detection\" content=\"telephone=no\"> \r\n\t<title>행복을나르는사람들</title>\r\n\r\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"/css/main_H.css\">\r\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"/css/common.css\">\r\n\t<link rel=\"stylesheet\" type=\"text/css\" href=\"css/font.css\">\r\n\t<link rel=\"shortcut icon\" type=\"image/x-icon\" href=\"/happym.ico\">\r\n\r\n\t<script type=\"text/javascript\" src=\"http://code.jquery.com/jquery-latest.min.js\"></script> \r\n\t<script type=\"text/javascript\" src=\"js/top_navi.js\"></script> \r\n\r\n\t<!--이용후기 슬라이드-->\r\n\t<script type=\"text/javascript\" >\r\n \r\n\t\t/*! responsiveCarousel.JS - v1.2.0\r\n\t\t* http://basilio.github.com/responsiveCarousel\r\n\t\t*\r\n\t\t* Copyright (c) 2013 Basilio C‡ceres <[email protected]>;\r\n\t\t* Licensed under the MIT license */\r\n\t\t(function(e){\"use strict\";e.fn.carousel=function(t){var n,r;n={infinite:true,visible:1,speed:\"fast\",overflow:false,autoRotate:false,navigation:e(this).data(\"navigation\"),itemMinWidth:0,itemEqualHeight:false,itemMargin:0,itemClassActive:\"crsl-active\",imageWideClass:\"wide-image\",carousel:true};return e(this).each(function(){r=e(this);if(e.isEmptyObject(t)===false)e.extend(n,t);if(e.isEmptyObject(e(r).data(\"crsl\"))===false)e.extend(n,e(r).data(\"crsl\"));n.isTouch=\"ontouchstart\"in document.documentElement||navigator.userAgent.match(/Android|BlackBerry|iPhone|iPad|iPod|Opera Mini|IEMobile/i)?true:false;r.init=function(){n.total=e(r).find(\".crsl-item\").length;n.itemWidth=e(r).outerWidth();n.visibleDefault=n.visible;n.swipeDistance=null;n.swipeMinDistance=100;n.startCoords={};n.endCoords={};e(r).css({width:\"100%\"});e(r).find(\".crsl-item\").css({position:\"relative\",\"float\":\"left\",overflow:\"hidden\"});e(r).find(\".\"+n.imageWideClass).each(function(){e(this).css({display:\"block\",width:\"100%\",height:\"auto\"})});e(r).find(\".crsl-item iframe\").attr({width:\"100%\"});if(n.carousel)e(r).find(\".crsl-item:first-child\").addClass(n.itemClassActive);if(n.carousel&&n.infinite&&n.visible<n.total)e(r).find(\".crsl-item:first-child\").before(e(\".crsl-item:last-child\",r));if(n.overflow===false){e(r).css({overflow:\"hidden\"})}else{e(\"html, body\").css({\"overflow-x\":\"hidden\"})}e(r).trigger(\"initCarousel\",[n,r]);r.testPreload();r.config();r.initRotate();r.triggerNavs()};r.testPreload=function(){if(e(r).find(\"img\").length>0){var t=e(r).find(\"img\").length,i=1;e(r).find(\"img\").each(function(){r.preloadImage(this,i,t);i++})}else{e(r).trigger(\"loadedCarousel\",[n,r])}};r.preloadImage=function(t,i,s){var o=new Image,u={};u.src=e(t).attr(\"src\")!==undefined?t.src:\"\";u.alt=e(t).attr(\"alt\")!==undefined?t.alt:\"\";e(o).attr(u);e(o).on(\"load\",function(){if(i===1)e(r).trigger(\"loadingImagesCarousel\",[n,r]);if(i===s)e(r).trigger(\"loadedImagesCarousel\",[n,r])})};r.config=function(){n.itemWidth=Math.floor((e(r).outerWidth()-n.itemMargin*(n.visibleDefault-1))/n.visibleDefault);if(n.itemWidth<=n.itemMinWidth){n.visible=Math.floor((e(r).outerWidth()-n.itemMargin*(n.visible-1))/n.itemMinWidth)===1?Math.floor(e(r).outerWidth()/n.itemMinWidth):Math.floor((e(r).outerWidth()-n.itemMargin)/n.itemMinWidth);n.visible=n.visible<1?1:n.visible;n.itemWidth=n.visible===1?Math.floor(e(r).outerWidth()):Math.floor((e(r).outerWidth()-n.itemMargin*(n.visible-1))/n.visible)}else{n.visible=n.visibleDefault}if(n.carousel){r.wrapWidth=Math.floor((n.itemWidth+n.itemMargin)*n.total);r.wrapMargin=r.wrapMarginDefault=n.infinite&&n.visible<n.total?parseInt((n.itemWidth+n.itemMargin)*-1,10):0;if(n.infinite&&n.visible<n.total&&e(r).find(\".crsl-item.\"+n.itemClassActive).index()===0){e(r).find(\".crsl-item:first-child\").before(e(\".crsl-item:last-child\",r));r.wrapMargin=r.wrapMarginDefault=parseInt((n.itemWidth+n.itemMargin)*-1,10)}e(r).find(\".crsl-wrap\").css({width:r.wrapWidth+\"px\",marginLeft:r.wrapMargin})}else{r.wrapWidth=e(r).outerWidth();e(r).find(\".crsl-wrap\").css({width:r.wrapWidth+n.itemMargin+\"px\"});e(\"#\"+n.navigation).hide()}e(r).find(\".crsl-item\").css({width:n.itemWidth+\"px\",marginRight:n.itemMargin+\"px\"});r.equalHeights();if(n.carousel){if(n.visible>=n.total){n.autoRotate=false;e(\"#\"+n.navigation).hide()}else{e(\"#\"+n.navigation).show()}}};r.equalHeights=function(){if(n.itemEqualHeight!==false){var t=0;e(r).find(\".crsl-item\").each(function(){e(this).css({height:\"auto\"});if(e(this).outerHeight()>t){t=e(this).outerHeight()}});e(r).find(\".crsl-item\").css({height:t+\"px\"})}return true};r.initRotate=function(){if(n.autoRotate!==false){r.rotateTime=window.setInterval(function(){r.rotate()},n.autoRotate)}};r.triggerNavs=function(){e(\"#\"+n.navigation).delegate(\".previous, .next\",\"click\",function(t){t.preventDefault();r.prepareExecute();if(e(this).hasClass(\"previous\")&&r.testPrevious(r.itemActive)){r.previous()}else if(e(this).hasClass(\"next\")&&r.testNext()){r.next()}else{return}})};r.prepareExecute=function(){if(n.autoRotate){clearInterval(r.rotateTime)}r.preventAnimateEvent();r.itemActive=e(r).find(\".crsl-item.\"+n.itemClassActive);return true};r.preventAnimateEvent=function(){if(e(r).find(\".crsl-wrap:animated\").length>0){return false}};r.rotate=function(){r.preventAnimateEvent();r.itemActive=e(r).find(\".crsl-item.\"+n.itemClassActive);r.next();return true};r.testPrevious=function(t){return e(\".crsl-wrap\",r).find(\".crsl-item\").index(t)>0};r.testNext=function(){return!n.infinite&&r.wrapWidth>=(n.itemWidth+n.itemMargin)*(n.visible+1)-r.wrapMargin||n.infinite};r.previous=function(){r.wrapMargin=n.infinite?r.wrapMarginDefault+e(r.itemActive).outerWidth(true):r.wrapMargin+e(r.itemActive).outerWidth(true);var t=e(r.itemActive).index();var i=e(r.itemActive).prev(\".crsl-item\");var s=\"previous\";e(r).trigger(\"beginCarousel\",[n,r,s]);e(r).find(\".crsl-wrap\").animate({marginLeft:r.wrapMargin+\"px\"},n.speed,function(){e(r.itemActive).removeClass(n.itemClassActive);e(i).addClass(n.itemClassActive);if(n.infinite){e(this).css({marginLeft:r.wrapMarginDefault}).find(\".crsl-item:first-child\").before(e(\".crsl-item:last-child\",r))}else{if(r.testPrevious(i)===false)e(\"#\"+n.navigation).find(\".previous\").addClass(\"previous-inactive\");if(r.testNext())e(\"#\"+n.navigation).find(\".next\").removeClass(\"next-inactive\")}e(this).trigger(\"endCarousel\",[n,r,s])})};r.next=function(){r.wrapMargin=n.infinite?r.wrapMarginDefault-e(r.itemActive).outerWidth(true):r.wrapMargin-e(r.itemActive).outerWidth(true);var t=e(r.itemActive).index();var i=e(r.itemActive).next(\".crsl-item\");var s=\"next\";e(r).trigger(\"beginCarousel\",[n,r,s]);e(r).find(\".crsl-wrap\").animate({marginLeft:r.wrapMargin+\"px\"},n.speed,function(){e(r.itemActive).removeClass(n.itemClassActive);e(i).addClass(n.itemClassActive);if(n.infinite){e(this).css({marginLeft:r.wrapMarginDefault}).find(\".crsl-item:last-child\").after(e(\".crsl-item:first-child\",r))}else{if(r.testPrevious(i))e(\"#\"+n.navigation).find(\".previous\").removeClass(\"previous-inactive\");if(r.testNext()===false)e(\"#\"+n.navigation).find(\".next\").addClass(\"next-inactive\")}e(this).trigger(\"endCarousel\",[n,r,s])})};var i=false,s;e(window).on(\"mouseleave\",function(t){if(t.target)s=t.target;else if(t.srcElement)s=t.srcElement;if(e(r).attr(\"id\")&&e(s).parents(\".crsl-items\").attr(\"id\")===e(r).attr(\"id\")||e(s).parents(\".crsl-items\").data(\"navigation\")===e(r).data(\"navigation\")){i=true}else{i=false}return false});e(window).on(\"keydown\",function(e){if(i===true){if(e.keyCode===37){r.prepareExecute();r.previous()}else if(e.keyCode===39){r.prepareExecute();r.next()}}return});if(n.isTouch){e(r).on(\"touchstart\",function(t){e(r).addClass(\"touching\");n.startCoords=t.originalEvent.targetTouches[0];n.endCoords=t.originalEvent.targetTouches[0];e(\".touching\").on(\"touchmove\",function(e){n.endCoords=e.originalEvent.targetTouches[0];if(Math.abs(parseInt(n.endCoords.pageX-n.startCoords.pageX,10))>Math.abs(parseInt(n.endCoords.pageY-n.startCoords.pageY,10))){e.preventDefault();e.stopPropagation()}})}).on(\"touchend\",function(t){t.preventDefault();t.stopPropagation();n.swipeDistance=n.endCoords.pageX-n.startCoords.pageX;if(n.swipeDistance>=n.swipeMinDistance){r.previous()}else if(n.swipeDistance<=-n.swipeMinDistance){r.next()}e(\".touching\").off(\"touchmove\").removeClass(\"touching\")})}e(r).on(\"loadedCarousel loadedImagesCarousel\",function(){r.equalHeights()});e(window).on(\"carouselResizeEnd\",function(){if(n.itemWidth!==e(r).outerWidth())r.config()});e(window).ready(function(){e(r).trigger(\"prepareCarousel\",[n,r]);r.init();e(window).on(\"resize\",function(){if(this.carouselResizeTo)clearTimeout(this.carouselResizeTo);this.carouselResizeTo=setTimeout(function(){e(this).trigger(\"carouselResizeEnd\")},10)})});e(window).load(function(){r.testPreload();r.config()})})}})(jQuery)\r\n\t</script> \r\n</head>\r\n<body>\r\n\r\n\r\n\r\n<!-- loading -->\r\n<link rel=\"stylesheet\" type=\"text/css\" href=\"/css/loading.css\">\r\n<div class=\"loading_area\">\r\n\t<div id=\"loading\">\r\n\t\t<div class=\"loading_sm\">\r\n\t\t\t<div class=\"spinner\">\r\n\t\t\t\t<div class=\"piece a\"></div>\r\n\t\t\t\t<div class=\"piece b\"></div>\r\n\t\t\t\t<div class=\"piece c\"></div>\r\n\t\t\t\t<div class=\"piece d\"></div>\r\n\t\t\t\t<div class=\"piece e\"></div>\r\n\t\t\t\t<div class=\"piece f\"></div>\r\n\t\t\t\t<div class=\"piece g\"></div>\r\n\t\t\t\t<div class=\"piece h\"></div>\r\n\t\t\t\t<div class=\"piece i\"></div>\r\n\t\t\t\t<div class=\"piece j\"></div>\r\n\t\t\t\t<div class=\"piece k\"></div>\r\n\t\t\t\t<div class=\"piece l\"></div>\r\n\t\t\t\t<div class=\"piece m\"></div>\r\n\t\t\t\t<div class=\"piece n\"></div>\r\n\t\t\t\t<div class=\"piece o\"></div>\r\n\t\t\t\t<div class=\"piece p\"></div>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t\t<p>이사업체 데이터를 조회 중입니다.<br/>\t잠시만 기다려 주세요.\t</p>\r\n\t\t<p><img src=\"../image/main/logo_mf.png\" alt=\"modooplatform\"/></p>\r\n\t</div> \r\n</div>\r\n\r\n\r\n\r\n<!-- \r\n<style>\r\n\t#proc_lay { z-index:100000; position:fixed; top:0; left:0; width:100%; height:100%; background:rgba(0, 0, 0, 0.5); color:#fff; text-align:center; display:none; }\r\n\t#proc_lay p { margin:18% auto; padding:20px; border-radius:10px; background:#fff; width:200px; line-height:2em; color:#333; }\r\n</style>\r\n<div id=\"proc_lay\"><p><img src=\"/image/loading.gif\"><br>잠시만 기다려 주세요.</p></div>\r\n-->\r\n\r\n\r\n\r\n<!--에어컨--> \r\n<div id=\"simpleorder\" class=\"banner_right_box pc\">\r\n\t<a href=\"/?other_open_pop=Y\"><img src=\"image/main/banner.jpg\" alt=\"\"/></a>\r\n</div>\r\n\r\n\r\n\r\n<!--common_menu-->\r\n<header>\r\n\t<div id=\"hwrap\">\r\n\t<div id=\"logo\"> \r\n\t\t<a href=\"/\"><img src=\"/image/main/logo.png\" alt=\"행복을나르는사람들\" /></a> \r\n\t</div>\r\n\r\n\t<!-- 모바일메뉴 -->\r\n\t<div id=\"mNavi\" title=\"주메뉴 보기\"> <span class=\"line\"></span> <span class=\"line\"></span> <span class=\"line\"></span> </div>\r\n\t<!-- //모바일메뉴 -->\r\n\r\n\t<div id=\"navi\">\r\n\t\t<p class=\"mobile menu_red\">행복하게 이사하자</p>\r\n\r\n\t\t<ul id=\"topMenu\">\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"/about/service\" id=\"topNavi1\"><span>행복을 나르는 사람들이란?</span></a>\r\n\t\t\t\t<ul id=\"topSubm1\">\r\n\t\t\t\t\t<li><a href=\"/about/service\"><span>서비스소개</span></a></li>\r\n\t\t\t\t</ul>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"/mvkind/home\" id=\"topNavi2\"><span>이사종류</span></a>\r\n\t\t\t\t<ul id=\"topSubm2\">\r\n\t\t\t\t\t<li><a href=\"/mvkind/home\"><span>포장이사</span></a></li>\r\n\t\t\t\t\t<li><a href=\"/mvkind/office\"><span>사무실이사</span></a></li>\r\n\t\t\t\t\t<li><a href=\"/mvkind/room\"><span>용달이사</span></a></li>\r\n\t\t\t\t\t<li><a href=\"/mvkind/storage\"><span>보관이사</span></a></li>\r\n\t\t\t\t</ul>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"/mvinfo/noson\" id=\"topNavi3\"><span>이사정보</span></a>\r\n\t\t\t\t<ul id=\"topSubm3\">\r\n\t\t\t\t\t<li><a href=\"/mvinfo/noson\"><span>손없는날</span></a></li>\r\n\t\t\t\t\t<li><a href=\"/mvinfo/contract\"><span>이사계약유의사항</span></a></li>\r\n\t\t\t\t\t<li><a href=\"/mvinfo/checklist\"><span>이사체크리스트</span></a></li>\r\n\t\t\t\t</ul>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"/customer/review\" id=\"topNavi4\"><span>고객센터</span></a>\r\n\t\t\t\t<ul id=\"topSubm4\">\r\n \t\t\t<li><a href=\"/customer/review\"><span>이사후기</span></a></li>\r\n\t\t\t\t\t<li><a href=\"/customer/faq\"><span>자주묻는질문</span></a></li>\r\n\t\t\t\t\t<li><a href=\"/customer/notice\"><span>공지사항</span></a></li>\r\n\t\t\t\t\t<li><a href=\"/customer/event\"><span>이벤트</span></a></li>\r\n\t\t\t\t</ul>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<a href=\"/mypage/my_apply?mode=my_request\" id=\"topNavi5\"><span>내 신청내역</span></a>\r\n\t\t\t\t<ul id=\"topSubm5\">\r\n\t\t\t\t\t<li><a href=\"/mypage/my_apply?mode=my_request\"><span>내신청내역</span></a></li>\r\n\t\t\t\t</ul>\r\n\t\t\t</li>\r\n\t\t</ul>\r\n\r\n\t\t<div id=\"mBg\"></div>\r\n\t</div>\r\n</header>\r\n<div id=\"navibg\"></div>\r\n\r\n\r\n<!--//common_menu-->\r\n \r\n \r\n \r\n<div id=\"visual\">\r\n\t<div class=\"center vstop\"> \r\n\t\t<h2>Best Happy-M Solution</h2>\r\n\t\t<h1>\r\n 이사의 개념을 바꾸다<br/>\r\n <span>행복을 나르는 사람들</span>만의 <span>이사서비스</span>\r\n </h1>\r\n\t\t<div class=\"btn_box\">\r\n\t\t\t<button id=\"pop_order_24\" class=\"bt_orange\" type=\"button\"><span><img src=\"image/main/icon_truck.png\" width=\"34\" height=\"27\" alt=\"\" style=\"vertical-align: bottom;\"/></span><span>이사견적예약 신청하기</span><span><img src=\"image/main/btn_arrow.png\" width=\"5\" height=\"9\" alt=\"\"/></span></button>\r\n\t\t</div>\r\n\t</div> \r\n</div>\r\n\r\n<div class=\"center\">\r\n\t<section id=\"content1\">\r\n\t\t<h2>당신을 위한 <span>행복한 이사 솔루션</span></h2>\r\n\t\t<ul>\r\n\t\t\t<li>\r\n\t\t\t\t<p><img src=\"image/main/sec01_icon1.png\" alt=\"이사서비스 종류\"/></p>\r\n\t\t\t\t<h3>이사서비스 종류</h3>\r\n\t\t\t\t<div>\r\n\t\t\t\t\t가정이사,사무실이사<br/>\r\n\t\t\t\t\t원룸이사 서비스란?\r\n\t\t\t\t</div>\r\n\t\t\t\t<a href=\"/mvkind/home\"> 바로가기 \r\n <span>\r\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"24\" height=\"24\"><path fill=\"none\" d=\"M0 0h24v24H0z\"/><path d=\"M13.172 12l-4.95-4.95 1.414-1.414L16 12l-6.364 6.364-1.414-1.414z\"/></svg>\r\n </span>\r\n </a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<p><img src=\"image/main/sec01_icon2.png\" alt=\"이사계약 유의사항\"/></p>\r\n\t\t\t\t<h3>이사계약 유의사항</h3>\r\n\t\t\t\t<div>\r\n\t\t\t\t\t이사할때 꼭 알아야 할<br/>\r\n\t\t\t\t\t유의사항은?\r\n\t\t\t\t</div>\r\n\t\t\t\t<a href=\"/mvinfo/contract\"> 바로가기\r\n <span>\r\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"24\" height=\"24\"><path fill=\"none\" d=\"M0 0h24v24H0z\"/><path d=\"M13.172 12l-4.95-4.95 1.414-1.414L16 12l-6.364 6.364-1.414-1.414z\"/></svg>\r\n </span>\r\n </a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<p><img src=\"image/main/sec01_icon3.png\" alt=\"이사 체크리스트\"/></p>\r\n\t\t\t\t<h3>이사 체크리스트</h3>\r\n\t\t\t\t<div>\r\n\t\t\t\t\t이사할때 이것만은 꼭<br/>\r\n\t\t\t\t\t체크하자.\r\n\t\t\t\t</div>\r\n\t\t\t\t<a href=\"/mvinfo/checklist\"> 바로가기\r\n <span>\r\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"24\" height=\"24\"><path fill=\"none\" d=\"M0 0h24v24H0z\"/><path d=\"M13.172 12l-4.95-4.95 1.414-1.414L16 12l-6.364 6.364-1.414-1.414z\"/></svg>\r\n </span>\r\n </a>\r\n\t\t\t</li>\r\n\t\t\t<li>\r\n\t\t\t\t<p><img src=\"image/main/sec01_icon4.png\" alt=\"손없는 날이란?\"/></p>\r\n\t\t\t\t<h3>손없는 날이란?</h3>\r\n\t\t\t\t<div>\r\n\t\t\t\t\t손없는 날은 언제이고<br/>\r\n\t\t\t\t\t의미를 알아보자.\r\n\t\t\t\t</div>\r\n\t\t\t\t<a href=\"/mvinfo/noson\"> 바로가기\r\n <span>\r\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" width=\"24\" height=\"24\"><path fill=\"none\" d=\"M0 0h24v24H0z\"/><path d=\"M13.172 12l-4.95-4.95 1.414-1.414L16 12l-6.364 6.364-1.414-1.414z\"/></svg>\r\n </svg>\r\n </span>\r\n </a>\r\n\t\t\t</li>\r\n\t\t</ul>\r\n\t</section>\r\n</div> \r\n<div class=\"center\">\r\n <section id=\"content2\">\r\n <h1>포장이사 <span>이용특전</span></h1> \r\n <dl class=\"clean\">\r\n <dt>\r\n <h3>행복한 <span>청소 서비스</span></h3>\r\n <p>\r\n 바닥스팀 청소 서비스 (사전요청시)<br/>\r\n 도착지 기초 청소 서비스<br/>\r\n 에어컨 분리 무료 서비스<br/>\r\n </p>\r\n </dt>\r\n <dd> </dd>\r\n </dl>\r\n <dl class=\"insurance\">\r\n <dt>\r\n <h3><span>20년 이상</span>의 숙련된 <br/>\r\n 노하우로 든든하게 \r\n </h3>\r\n <p>\r\n 베테량 전문패커들의 끝까지 <br/>\r\n 책임지는 포장이사의 노하우\r\n </p>\r\n </dt>\r\n <dd> </dd>\r\n </dl>\r\n </section>\r\n</div> \r\n \r\n\r\n \r\n<!--모바일만노출-->\r\n<div class=\"center mobile\">\r\n\t\r\n\t<section id=\"mobile2\">\r\n\t\t<h1>자주묻는질문</h1>\r\n\t\t<div id=\"accordion\">\r\n\t\t\t<button class=\"accordion\">Q. 이사견적은 언제쯤 받는게 좋을까요?</button>\r\n\t\t\t<div class=\"panel\">\r\n\t\t\t\t<p>\r\n\t\t\t\t\t고객님들께서 보통 손 없는 날을 선호 하긴 하지만 이사 업체들도 보통 성수기/비성수기로 나뉘기 때문에 손 없는 날을 제외 한 다른 날들도 마감이 되는 경우가 많습니다. \r\n\t\t\t\t\t이사 일정이 정해지면 되도록 서둘러 예약 하는 것이 좋습니다.\r\n\t\t\t\t</p>\r\n\t\t\t</div>\r\n\t\t\t<button class=\"accordion\">Q. 이용후기, 정말 믿을만 한건가요?</button>\r\n\t\t\t<div class=\"panel\">\r\n\t\t\t\t<p>행복을나르는사람들에서는 이사하신 고객님께 드리는 피드백 전용페이지가 개발되어 있어 이사하신 고객님들만 후기를 작성하실 수 있습니다. 이사하고 2~3일안으로 전용페이지가 전송되기 때문에 고객님께서 입력해주셔서 이사하지 않은 고객님들은 생생한 업체 평가 및 이사 후기를 파악하실 수 있습니다. </p>\r\n\t\t\t</div>\r\n\t\t</div>\r\n\t</section>\r\n\r\n\t<section id=\"mobile3\">\r\n\t\t<h4>포장이사 가격이 궁금하세요?</h4>\r\n\t\t<h1>행복한고객센터</h1>\r\n\t\t<a href=\"tel:15447524\"><img src=\"image/main/tel.png\" alt=\"1544-7524\"/></a>\r\n\t</section>\r\n</div> \r\n \r\n<div class=\"center\" style=\"display: block\"> \r\n\t<section id=\"content7\">\r\n\t\t<h2 class=\"ct_title\">고객이사후기</h2>\r\n <a class=\"ct_more\" href=\"/customer/review\">후기 더보기 + </a>\r\n\t\t<nav class=\"slidernav\">\r\n\t\t\t<div id=\"navbtns\" class=\"clearfix\">\r\n\t\t\t\t<a href=\"#\" class=\"previous\"><img src=\"image/main/arrowB_L.png\" alt=\"prev\"/></a>\r\n\t\t\t\t<a href=\"#\" class=\"next\"><img src=\"image/main/arrowB_R.png\" alt=\"next\"/></a>\r\n\t\t </div>\r\n\t\t</nav>\r\n \r\n\t\t<div class=\"crsl-items\" data-navigation=\"navbtns\">\r\n\t\t\t<div class=\"crsl-wrap\" onclick=\"location.href='/customer/review' \" style=\"cursor: pointer\">\r\n\r\n\t\t\t\t<div class=\"crsl-item\"><a style=\"display: block\"><div class=\"star_box\"> <ul class=\"star_list\"><li><img src=\"/image/sub/star_on.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_on.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_on.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_off.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_off.png\" alt=\"\"/></li></ul></div><h3>우수업체(총 3.4점) </h2><h2>행복한이사 - 인천</h1><p>화요일 아침에 비가 조금 내리는 날 이사를 했어요. 전 날 알…<span>이사일 2024-08-27</span></p></a></div><div class=\"crsl-item\"><a style=\"display: block\"><div class=\"star_box\"> <ul class=\"star_list\"><li><img src=\"/image/sub/star_on.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_on.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_on.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_off.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_off.png\" alt=\"\"/></li></ul></div><h3>우수업체(총 3.4점) </h2><h2>행복한이사 - 인천</h1><p>오늘 오시는거 맞죠? <span>이사일 2023-11-17</span></p></a></div><div class=\"crsl-item\"><a style=\"display: block\"><div class=\"star_box\"> <ul class=\"star_list\"><li><img src=\"/image/sub/star_on.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_on.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_off.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_off.png\" alt=\"\"/></li><li><img src=\"/image/sub/star_off.png\" alt=\"\"/></li></ul></div><h3>보통업체(총 2.9점) </h2><h2>행복한이사 - 전지역</h1><p>여기 나온 번호로 이사 견적 접수했고 오신분은 백마이사몰…<span>이사일 2023-11-03</span></p></a></div>\r\n\t\t\t\t<!-- \r\n\t\t\t\t<div class=\"crsl-item\">\r\n\t\t\t\t\t<a href=\"/customer/review\" style=\"display: block\">\r\n\t\t\t\t\t\t<div class=\"star_box\"> \r\n\t\t\t\t\t\t\t<ul class=\"star_list\">\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_off.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<h3>최우수업체(총 4.0점) </h3>\r\n\t\t\t\t\t\t<h2>기준화물</h2>\r\n\t\t\t\t\t\t<p>\r\n\t\t\t\t\t\t\t가격이 다른곳보다 저렴하여 선택하였습니다. 물론 저렴한만큼 저희가 감수할 부분도 있겠구나 싶었지만 이사가 끝난후 추가비용\r\n\t\t\t\t\t\t\t<span>이사일 2019.9.30 </span>\r\n\t\t\t\t\t\t</p>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</div>\r\n\r\n\t\t\t\t<div class=\"crsl-item\">\r\n\t\t\t\t\t<a href=\"/customer/review\" style=\"display: block\">\r\n\t\t\t\t\t\t<div class=\"star_box\"> <img src=\"image/sub/star_top.png\" alt=\"\"/></div>\r\n\t\t\t\t\t\t<h3>명예의전당(총 5.0점) </h2>\r\n\t\t\t\t\t\t<h2>이사의정석</h1>\r\n\t\t\t\t\t\t<p>\r\n\t\t\t\t\t\t\t가격 적당하고 친절히 잘 도와주셨어요. 만족합니다\r\n\t\t\t\t\t\t\t<span>이사일 2019.9.30 </span>\r\n\t\t\t\t\t\t</p>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</div>\r\n\r\n\t\t\t\t<div class=\"crsl-item\">\r\n\t\t\t\t\t<a href=\"/customer/review\" style=\"display: block\">\r\n\t\t\t\t\t\t<div class=\"star_box\"> <img src=\"image/sub/star_top.png\" alt=\"\"/></div>\r\n\t\t\t\t\t\t<h3>명예의전당업체(총 5.0점) </h2>\r\n\t\t\t\t\t\t<h2>부산 이사야트랜스</h1>\r\n\t\t\t\t\t\t<p>\r\n\t\t\t\t\t\t\t너무 친절하시고 꼼꼼하게 일도 잘해주시고 마무리까지 확실합니다 모두 한국사람으로 젊으신분들이 일을 어찌나 잘하시는지ㅋ\r\n\t\t\t\t\t\t\t<span>이사일 2019.9.30 </span>\r\n\t\t\t\t\t\t</p>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</div>\r\n\r\n\t\t\t\t<div class=\"crsl-item\">\r\n\t\t\t\t\t<a href=\"/customer/review\" style=\"display: block\">\r\n\t\t\t\t\t\t<div class=\"star_box\"> \r\n\t\t\t\t\t\t\t<ul class=\"star_list\">\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_off.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_off.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<h3>보통업체(총 2.4점) </h2>\r\n\t\t\t\t\t\t<h2>하늘익스프레스</h1>\r\n\t\t\t\t\t\t<p>\r\n\t\t\t\t\t\t\t무사히 이사를 잘맞췄습니다~ 감사합니다\r\n\t\t\t\t\t\t\t<span>이사일 2019.9.30 </span>\r\n\t\t\t\t\t\t</p>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</div>\r\n\r\n\t\t\t\t<div class=\"crsl-item\">\r\n\t\t\t\t\t<a href=\"/customer/review\" style=\"display: block\">\r\n\t\t\t\t\t\t<div class=\"star_box\"> \r\n\t\t\t\t\t\t\t<ul class=\"star_list\">\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_on.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t\t<li><img src=\"../image/sub/star_off.png\" alt=\"\"/></li>\r\n\t\t\t\t\t\t\t</ul>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<h3>최우수업체(총 4.0점) </h2>\r\n\t\t\t\t\t\t<h2>한신이사몰</h1>\r\n\t\t\t\t\t\t<p>\r\n\t\t\t\t\t\t\t이사 아주 잘 했어요. 속도가 빠르고 부지런 하셔서 짐도 빨리 옮겼어요.\r\n\t\t\t\t\t\t\t<span>이사일 2019.9.30 </span>\r\n\t\t\t\t\t\t</p>\r\n\t\t\t\t\t</a>\r\n\t\t\t\t</div>\r\n\t\t\t\t-->\r\n\r\n\t\t\t</div>\r\n\t\t</div> \r\n </section>\r\n</div>\r\n\r\n<script type=\"text/javascript\">\r\n\t$(function(){\r\n\t\t$('.crsl-items').carousel({\r\n\t\t\tvisible: 3,\r\n\t\t\titemMinWidth: 200,\r\n\t\t\titemEqualHeight: 200,\r\n\t\t\titemMargin: 5,\r\n\t\t});\r\n\r\n\t\t$(\"a[href=#]\").on('click', function(e) {\r\n\t\t\te.preventDefault();\r\n\t\t});\r\n\t});\r\n</script>\r\n\r\n\r\n \r\n<!--//모바일만노출--> \r\n \r\n \r\n<!--<div class=\"center pc\" style=\"display: block\"> \r\n\t<section id=\"content3\">\r\n\t\t<h2>고객서비스</h2>\r\n\t\t<ul>\r\n\t\t\t<li><a href=\"/customer/faq.php\">자주하는 질문(FAQ) <span><img src=\"image/main/content3_qus.png\" alt=\"?\"/></span></a></li>\r\n\t\t\t<li><a href=\"https://www.internetfriends.co.kr/?s1=modoo24_event&action=reg\" target=\"_blank\">인터넷 비용 지원받기 <span><img src=\"image/main/content3_qus.png\" alt=\"?\"/></span></a></li>\r\n\t\t\t<li><a href=\"/mypage/myorder.php\">내 신청내역 <span><img src=\"image/main/content3_qus.png\" alt=\"?\"/></span></a></li>\r\n\t\t\t<li><a href=\"/mypage/review_write.php\">업체 평가하기 <span><img src=\"image/main/content3_qus.png\" alt=\"?\"/></span></a></li>\r\n\t\t</ul>\r\n\t</section>\r\n</div> -->\r\n\r\n<div class=\"bg_gray\">\r\n\t<div class=\"center\">\r\n\t\t<section id=\"content4\">\r\n\t\t\t<h1>HAPPY-M 이사서비스 <span>프로세스</span></h1>\r\n\t\t\t<p>\r\n\t\t\t\t행복을 나르는 사람들 에서 즐겁고 행복한 이사를 신청하세요!\r\n\t\t\t</p>\r\n\t\t\t<ul>\r\n\t\t\t\t<li>\r\n <label class=\"or\">step1</label>\r\n <h4>happy-m 접수</h4>\r\n\t\t\t\t\t<p><img src=\"image/main/content2_icon1.png\" alt=\"happy-m 접수\"/></p>\r\n\t\t\t\t\t<span>전화나 온라인으로 접수</span>\r\n </li>\r\n <li>\r\n <label class=\"gr\">step2</label>\r\n <h4>고객상담</h4>\r\n\t\t\t\t\t<p><img src=\"image/main/content2_icon2.png\" alt=\"고객상담\"/></p>\r\n\t\t\t\t\t<span>1:1 고객맞춤 컨설팅</span>\r\n \r\n\t\t\t\t</li>\r\n <li>\r\n <label class=\"or\">step3</label>\r\n <h4>무료방문견적</h4>\r\n\t\t\t\t\t<p><img src=\"image/main/content2_icon3.png\" alt=\"무료방문견적\"/></p>\r\n\t\t\t\t\t<span>이사할 짐 파악</span>\r\n \r\n\t\t\t\t</li>\r\n <li>\r\n <label class=\"gr\">step4</label>\r\n <h4>이사예약</h4>\r\n\t\t\t\t\t<p><img src=\"image/main/content2_icon4.png\" alt=\"이사예약\"/></p>\r\n\t\t\t\t\t<span>가격 및 서비스예약</span>\r\n \r\n\t\t\t\t</li>\r\n <li>\r\n <label class=\"or\">step5</label>\r\n <h4>행복한이사</h4>\r\n\t\t\t\t\t<p><img src=\"image/main/content2_icon5.png\" alt=\"행복한이사\"/></p>\r\n\t\t\t\t\t<span>이사실행</span>\r\n \r\n\t\t\t\t</li>\r\n <li>\r\n <label class=\"gr\">step6</label>\r\n <h4>이사후기</h4>\r\n\t\t\t\t\t<p><img src=\"image/main/content2_icon6.png\" alt=\"이사후기\"/></p>\r\n\t\t\t\t\t<span>기분좋은 후기작성</span>\r\n \r\n\t\t\t\t</li>\r\n\t\t\t\t\r\n\t\t\t</ul>\r\n\t\t</section>\r\n\t</div>\r\n</div>\r\n\r\n<div class=\"customer\"> \r\n\t<div class=\"center\"> \r\n\t\t<section id=\"content5\">\r\n\t\t\t\t<h2><strong>행복을 나르는 사람들 예약문의</span></h2>\r\n\t\t\t\t<p><img src=\"image/main/content5_img.png\" alt=\"1544-7524\"/></p>\r\n\t\t\t <button class=\"bt_orange\" type=\"button\" onclick=\"location.href='/?other_open_pop=Y';\">이사견적신청</button>\r\n\t\t</section>\r\n\t</div> \r\n</div> \r\n\r\n<!-- 레이어팝업 -->\r\n<div class=\"layer_pop\">\r\n\t<p class=\"layer_pop_close_btn \">X</p>\r\n\t<div class=\"layer_pop_content_box1\">\r\n\t\t<!-- 이사 콘텐츠 ajax -->\r\n\t</div>\r\n</div>\r\n\r\n\r\n\r\n\r\n\r\n<!--이사 오더 폼-->\r\n<form id=\"move_form\">\r\n\t<input type=\"hidden\" name=\"cmd\" value=\"auction24_order\" />\r\n\r\n\t<input type=\"hidden\" name=\"moving_type\" value=\"\"><!-- 포장이사 종류 선택 -->\r\n\t<input type=\"hidden\" name=\"moving_date\" value=\"\"><!-- 이사날짜 -->\r\n\t<input type=\"hidden\" name=\"moving_str_addr_sido\" value=\"\"><!-- 이사 시작 지점 sido -->\r\n\t<input type=\"hidden\" name=\"moving_str_addr_gugun\" value=\"\"><!-- 이사 시작 지점 gugun -->\r\n\t<input type=\"hidden\" name=\"moving_str_addr_dong\" value=\"\"><!-- 이사 시작 지점 dong -->\r\n\t<input type=\"hidden\" name=\"moving_str_addr_floor\" value=\"\"><!-- 이사 시작 지점 건물 층수 -->\r\n\t<input type=\"hidden\" name=\"moving_end_addr_sido\" value=\"\"><!-- 이사 도착 지점 sido -->\r\n\t<input type=\"hidden\" name=\"moving_end_addr_gugun\" value=\"\"><!-- 이사 도착 지점 gugun -->\r\n\t<input type=\"hidden\" name=\"moving_end_addr_dong\" value=\"\"><!-- 이사 도착 지점 dong -->\r\n\t<input type=\"hidden\" name=\"moving_end_addr_floor\" value=\"\"><!-- 이사 도착 지점 건물 층수 -->\r\n\t<input type=\"hidden\" name=\"user_name\" value=\"\"><!-- 상담 의뢰인 -->\r\n\t<input type=\"hidden\" name=\"user_phone\" value=\"\"><!-- 상담 연락처 -->\r\n\t<input type=\"hidden\" name=\"note\" value=\"\"><!-- 메모 -->\r\n\t<input type=\"hidden\" name=\"my_ton\" value=\"\"><!-- 짐의 예상량 -->\r\n\t<input type=\"hidden\" name=\"auction_flag\" value=\"N\">\r\n\t<input type=\"hidden\" name=\"in_concert\" value=\"행복을나르는사람들\">\r\n\t<input type=\"hidden\" name=\"sms_chk\" value=\"\">\t\r\n\r\n\t<input type=\"hidden\" name=\"submit_clean_yn\" value=\"\"><!-- 청소여부 -->\r\n\r\n\t<input type=\"hidden\" name=\"submit_aircon_yn\" value=\"\"><!-- 에어컨 유무 -->\r\n\t<input type=\"hidden\" name=\"submit_aircon_wall_cnt\" value=\"\"><!-- 벽걸이 에어컨 갯수 -->\r\n\t<input type=\"hidden\" name=\"submit_aircon_stand_cnt\" value=\"\"><!-- 스탠드 에어컨 갯수 -->\r\n\t<input type=\"hidden\" name=\"submit_aircon_system_cnt\" value=\"\"><!-- 시스템 에어컨 갯수 -->\r\n\t<input type=\"hidden\" name=\"submit_aircon_double_cnt\" value=\"\"><!-- 2in1 에어컨 갯수 -->\t\r\n\r\n\t<input type=\"hidden\" name=\"s_uid\" value=\"\"><!-- 지점 idx값 -->\t\r\n</form>\r\n\r\n<!--청소 오더 폼\r\n<form id=\"clean_form\">\r\n\t<input type=\"hidden\" name=\"cmd\" value=\"auction_clean_order\" />\r\n\r\n\t<input type=\"hidden\" name=\"clean_type\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_add_service1\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_add_service2\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_add_service3\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_add_service4\" value=\"\">\r\n\t\r\n\t<input type=\"hidden\" name=\"clean_date\" value=\"\">\r\n\r\n\t<input type=\"hidden\" name=\"clean_addr_sido\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_addr_gugun\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_addr_dong\" value=\"\">\r\n\t\r\n\t<input type=\"hidden\" name=\"clean_house_type\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_elevator\" value=\"\">\r\n\r\n\t<input type=\"hidden\" name=\"clean_addr_detail\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_addr_pyoung\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_staff_cnt\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_user_name\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_user_phone\" value=\"\">\r\n\t<input type=\"hidden\" name=\"clean_note\" value=\"\">\r\n\r\n\t<input type=\"hidden\" name=\"clean_sms_chk\" value=\"\">\r\n</form>\r\n-->\r\n\r\n<script type=\"text/javascript\">\r\n<!--\r\n\t// 오더 글로벌 변수 -> 견적 신청 후 idx값 저장\r\n\tvar order_idx = 0;\r\n\r\n\t$(function(){\r\n\t\t// 레이어팝업 이사 오더 팝업\r\n\t\t$(\"#pop_order_24\").on(\"click\", function(){\r\n\t\t\t$(\".layer_pop\").show();\r\n\t\t\tpage_load_ajax(0);\r\n\t\t});\r\n\r\n\t\t// 레이어팝업 닫기 버튼\r\n\t\t$(\".layer_pop_close_btn\").on(\"click\", function(){\r\n\t\t\tlay_pop_hide();\r\n\t\t});\r\n\r\n\t\t// 레이어팝업 청소 오더 팝업\r\n\t\t$(\"#pop_order_clean\").on(\"click\", function(){\r\n\t\t\t$(\".layer_pop\").show();\r\n\t\t\tpage_load_ajax_clean(0);\r\n\t\t});\r\n\r\n\t\t// 오더신청 레이어 높이 변경\r\n\t\tpop_lay_change();\r\n\t});\r\n\r\n\t// 레이어 팝업 닫기\r\n\tvar lay_pop_hide = function(){\r\n\t\t$(\".layer_pop\").hide();\r\n\t}\r\n\r\n\t// 이사 콘텐츠 가져오기\r\n\tvar page_load_ajax = function(q){\r\n\t\tif(q == 0){\r\n\t\t\tvar url = \"/main_popup/step1\";\r\n\t\t}else if(q == 1){\r\n\t\t\tvar url = \"/main_popup/step2\";\r\n\t\t}else if(q == 2){\r\n\t\t\tvar url = \"/main_popup/step3\";\r\n\t\t}else if(q == 3){\r\n\t\t\tvar url = \"/main_popup/step4\";\r\n\t\t}else if(q == 4){\r\n\t\t\tvar url = \"/main_popup/step5\";\r\n\t\t}else if(q == 5){\r\n\t\t\tvar url = \"/main_popup/step6\";\r\n\t\t}else if(q == 6){\r\n\t\t\tvar url = \"/main_popup/step7\";\r\n\t\t}else if(q == 7){\r\n\t\t\tvar url = \"/main_popup/step8\";\r\n\t\t}\r\n\r\n\t\t$.ajax({\r\n\t\t\ttype : \"POST\"\r\n\t\t\t, url : url\r\n\t\t\t//, data : $(\"#list_form\").serialize()\r\n\t\t\t, success : function(html) {\r\n\t\t\t\t$(\".layer_pop_content_box1\").html(html);\r\n\t\t\t}\r\n\t\t});\r\n\t}\r\n\r\n\t// 이사 콘텐츠 가져오기\r\n\tvar page_load_ajax_clean = function(q){\r\n\t\tif(q == 0){\r\n\t\t\tvar url = \"/main_popup/clean1\";\r\n\t\t}else if(q == 1){\r\n\t\t\tvar url = \"/main_popup/clean2\";\r\n\t\t}else if(q == 2){\r\n\t\t\tvar url = \"/main_popup/clean3\";\r\n\t\t}else if(q == 3){\r\n\t\t\tvar url = \"/main_popup/clean4\";\r\n\t\t}else if(q == 4){\r\n\t\t\tvar url = \"/main_popup/clean5\";\r\n\t\t}\r\n\r\n\t\t$.ajax({\r\n\t\t\ttype : \"POST\"\r\n\t\t\t, url : url\r\n\t\t\t//, data : $(\"#list_form\").serialize()\r\n\t\t\t, success : function(html) {\r\n\t\t\t\t$(\".layer_pop_content_box1\").html(html);\r\n\t\t\t}\r\n\t\t});\r\n\t}\r\n\r\n\t// 다른곳에서 링크시 이사업체 추천 창 띄우기 위해서\r\n\tvar other_open_pop = function(){\r\n\t\t$(\".layer_pop\").show();\r\n\t\tpage_load_ajax(0);\r\n\t}\r\n\r\n\t\r\n\t// 오더 신청 팝업 변경\r\n\tfunction pop_lay_change(){\r\n\t\tvar hh = $(\"html\").height();\r\n\t\t$(\".layer_pop\").height(hh);\r\n\t}\r\n//-->\r\n</script>\r\n\r\n\r\n\r\n\r\n\r\n<!-- 팝업 -->\r\n<style>\r\n\t.popup_common { position:absolute; z-index:1000; border:2px solid #ccc; box-shadow:3px 3px 3px #555; }\r\n\t.pop_btn_area { position:absolute; width:100%; bottom:0; padding:10px 0; background:#eee; font-size:0.9em; overflow:hidden; }\r\n\t.pop_btn_area span { float:right; text-align:right;}\r\n\t.btn_today_close { margin-left:10px; padding:5px; border-radius:2px; background:#ff6600; color:#fff; }\r\n\t.btn_now_close { margin-right:10px; padding:5px 10px; border-radius:2px; background:#2b4e88; color:#fff; }\r\n\r\n\t.popup_title { padding:10px 7px; background:#eee; font-size:12px; color:#888; }\r\n\t.popup_title span { float:right; padding:2px 5px; background:#999; font-size:14px; color:#fff; cursor:pointer; }\r\n</style>\r\n<script type=\"text/javascript\" src=\"http://www.24auction.co.kr/js/jquery-ui.1.12.0.js\"></script> \r\n<script type=\"text/javascript\">\r\n<!--\r\n\tfunction event_benner_close(n)\r\n\t{\r\n\t\t$(\"#popup_\"+n).hide();\r\n\t}\r\n\r\n\tfunction setCookie( name, value, expiredays )\r\n\t{\r\n\t\tvar todayDate = new Date();\r\n\t\ttodayDate.setDate( todayDate.getDate() + expiredays );\r\n\t\tdocument.cookie = name + \"=\" + escape( value ) + \"; path=/; expires=\" + todayDate.toGMTString() + \";\"\r\n\t}\r\n\r\n\tfunction closeBenner(no)\r\n\t{\r\n\t\tsetCookie(\"popup_div_\"+no, \"view_done\", 1);\r\n\t\tevent_benner_close(no);\r\n\t}\r\n\r\n\t$(document).ready(function(){\r\n\t\tgetCookieData = document.cookie;\r\n\t\tcookieArr = getCookieData.split(';');\r\n\t\tfor(var i=0; i<cookieArr.length; i++)\r\n\t\t{\r\n\t\t\tbenerCookie = cookieArr[i].split('=');\r\n\t\t\tif(benerCookie[1]=='view_done')\r\n\t\t\t{\r\n\t\t\t\tdivNo = benerCookie[0].split('_'); // 팝업 div 번호\r\n\t\t\t\tevent_benner_close(divNo[2]);\r\n\t\t\t\t//break;\r\n\t\t\t}\r\n\t\t}\r\n\t});\r\n//-->\r\n</script>\r\n\r\n\r\n\r\n\r\n \r\n\r\n<footer>\r\n\t<div class=\"center\">\r\n\t\t<ul>\r\n\t\t\t<li style=\"float:left\"><img src=\"/image/ft_logo.png\" alt=\"logo\"/></li>\r\n\t\t\t<li style=\"float:left\"><a href=\"javascript:openAgreePop('/new_common/popup/info_pop.html')\" >개인정보처리방법</a></li>\r\n\t\t\t<li style=\"float:left\"><a href=\"javascript:openAgreePop1('/new_common/popup/use_pop_02.html')\" >제 3자 제공동의</a></li>\r\n\t\t</ul>\r\n\t\t<div> \r\n\t\t\t(주)행복을 나르는 사람들 대표 : 강대성 <span>|</span> 주소 : 인천시 연수구 연수동 547-9 <br/>\r\n\t\t\tTEL : 1544 - 7524 <span>|</span> TEL : 080-553-5555 <span>|</span> 사업자 등록번호 : 131-29-57720 <span>|</span> 화물자동차운송주선업허가 제-연수-4-0161호 <br/><br/>\r\n\t\t\t<p class=\"clblack\">\r\n\t\t\t\t행복을 나르는 사람들은 고객님들의 서비스만족을 위해 항상 노력합니다.\r\n\t\t\t</p><br/>\r\n\t\t\tCopyright (c) 2020 Happy-m Corporation All rights reserved. <br/>\r\n\t\t</div>\r\n\t</div> \r\n</footer>\r\n\r\n<div id=\"bottom_bar\">\r\n <div class=\"pmov\" onclick=\"location.href='/?other_open_pop=Y';\">이사견적 온라인접수</div>\r\n <a href=\"tel:1544-7524\" class=\"ptel\"><img src=\"/image/main/bar_tel.png\" alt=\"1544-7524\"/></a>\r\n</div>\r\n\r\n</body>\r\n</html>\r\n\r\n<!--bottom 팝업 스크립트-->\r\n<script language=\"javascript\">\r\n\tfunction openAgreePop(url)\r\n\t{\r\n\t\twindow.open(url, \"small\", \"width=537, height=500, scrollbars=no, menubar=no\");\r\n\t}\r\n\r\n\tfunction openAgreePop1(url)\r\n\t{\r\n\t\twindow.open(url, \"small\", \"width=537, height=330, scrollbars=no, menubar=no\");\r\n\t}\r\n</script>\r\n<!--bottom 팝업 스크립트-->\r\n\r\n\r\n\r\n\r\n\r\n<!-- 공통 적용 스크립트 , 모든 페이지에 노출되도록 설치. 단 전환페이지 설정값보다 항상 하단에 위치해야함 --> \r\n<script type=\"text/javascript\" src=\"//wcs.naver.net/wcslog.js\"> </script> \r\n<script type=\"text/javascript\"> \r\n\tif (!wcs_add) var wcs_add={};\r\n\twcs_add[\"wa\"] = \"s_3a589317ff16\";\r\n\tif (!_nasa) var _nasa={};\r\n\twcs.inflow();\r\n\twcs_do(_nasa);\r\n</script>\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n<!-- 자주묻는질문 --> \r\n<script>\r\n\tvar acc = document.getElementsByClassName(\"accordion\");\r\n\tvar i;\r\n\r\n\tfor (i = 0; i < acc.length; i++) {\r\n\t\tacc[i].addEventListener(\"click\", function() {\r\n\t\t\tthis.classList.toggle(\"active\");\r\n\t\t\tvar panel = this.nextElementSibling;\r\n\t\t\tif (panel.style.maxHeight){\r\n\t\t\t\tpanel.style.maxHeight = null;\r\n\t\t\t} else {\r\n\t\t\t\tpanel.style.maxHeight = panel.scrollHeight + \"px\";\r\n\t\t\t} \r\n\t\t});\r\n\t}\r\n</script>\r\n\r\n<!--간편접수 퀵메뉴-->\t\r\n<script>\r\n$(document).ready(function() {\r\n\t// 기존 css에서 플로팅 배너 위치(top)값을 가져와 저장한다.\r\n\tvar floatPosition = parseInt($(\"#simpleorder\").css('top'));\r\n\t// 250px 이런식으로 가져오므로 여기서 숫자만 가져온다. parseInt( 값 );\r\n\r\n\t$(window).scroll(function() {\r\n\t\t// 현재 스크롤 위치를 가져온다.\r\n\t\tvar scrollTop = $(window).scrollTop();\r\n\t\tvar newPosition = scrollTop + floatPosition + \"px\";\r\n\r\n\t\t/* 애니메이션 없이 바로 따라감\r\n\t\t$(\"#simpleorder\").css('top', newPosition);\r\n\t\t*/\r\n\t\t$(\"#simpleorder\").stop().animate({\r\n\t\t\t\"top\" : newPosition\r\n\t\t}, 500);\r\n\t}).scroll();\r\n});\r\n</script>\r\n<!--//간편접수 퀵메뉴-->\r\n \r\n\r\n ",
"body_murmur": -759862790,
"body_sha256": "e1ba0bbf00d4ff1ee0009a1d5fc6e6e81810e3a50db45354be4527a81129f0d8",
"component": [
"CentOS",
"Apache HTTP Server:2.2.15"
],
"content_length": -1,
"favicon": {
"md5_hash": "7895a1b8d4603e7b85929478b6f57c67",
"murmur_hash": -1654028271,
"path": "http://175.123.253.67:8087/happym.ico",
"size": 2330
},
"headers": {
"cache_control": [
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Sun, 29 Jun 2025 02:14:58 GMT"
],
"expires": [
"Thu, 19 Nov 1981 08:52:00 GMT"
],
"pragma": [
"no-cache"
],
"server": [
"Apache/2.2.15 (CentOS)"
],
"set_cookie": [
"PHPSESSID=revn362envsg17lhbkrtp2k5e5; path=/"
],
"x_powered_by": [
"PHP/5.6.40"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "175.123.253.67:8087",
"path": "",
"scheme": "http"
}
},
"status_code": 200,
"title": "행복을나르는사람들",
"transfer_encoding": [
"chunked"
]
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2008-0455",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2009-3560",
"score": 5,
"severity": "medium"
}
],
"url": "http://175.123.253.67:8087/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-29T02:14:59.18Z"
}
],
"services_hash": "29082325db38783ecd35411568b1b8184bb287b4c61865a64cdfd1bac5aa553f",
"last_updated_at": "2025-06-29T02:14:59.18Z",
"banner": [
"http",
"ssh",
"tls"
],
"is_vuln": true,
"cveDetails": {
"CVE-2006-20001": {
"id": "CVE-2006-20001",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://security.netapp.com/advisory/ntap-20230316-0005/"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2007-2768": {
"id": "CVE-2007-2768",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html",
"http://www.osvdb.org/34601",
"https://security.netapp.com/advisory/ntap-20191107-0002/",
"http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html",
"http://www.osvdb.org/34601",
"https://security.netapp.com/advisory/ntap-20191107-0002/"
],
"score": 4.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2008-0455": {
"id": "CVE-2008-0455",
"references": [
"http://rhn.redhat.com/errata/RHSA-2012-1591.html",
"http://rhn.redhat.com/errata/RHSA-2012-1592.html",
"http://rhn.redhat.com/errata/RHSA-2012-1594.html",
"http://rhn.redhat.com/errata/RHSA-2013-0130.html",
"http://secunia.com/advisories/29348",
"http://secunia.com/advisories/51607",
"http://security.gentoo.org/glsa/glsa-200803-19.xml",
"http://securityreason.com/securityalert/3575",
"http://securitytracker.com/id?1019256",
"http://www.mindedsecurity.com/MSA01150108.html",
"http://www.securityfocus.com/archive/1/486847/100/0/threaded",
"http://www.securityfocus.com/bid/27409",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/39867",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) \"406 Not Acceptable\" or (2) \"300 Multiple Choices\" HTTP response when the extension is omitted in a request for the file.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2008-3844": {
"id": "CVE-2008-3844",
"references": [
"http://secunia.com/advisories/31575",
"http://secunia.com/advisories/32241",
"http://securitytracker.com/id?1020730",
"http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"http://www.redhat.com/security/data/openssh-blacklist.html",
"http://www.redhat.com/support/errata/RHSA-2008-0855.html",
"http://www.securityfocus.com/bid/30794",
"http://www.vupen.com/english/advisories/2008/2821",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44747",
"http://secunia.com/advisories/31575",
"http://secunia.com/advisories/32241",
"http://securitytracker.com/id?1020730",
"http://support.avaya.com/elmodocs2/security/ASA-2008-399.htm",
"http://www.redhat.com/security/data/openssh-blacklist.html",
"http://www.redhat.com/support/errata/RHSA-2008-0855.html",
"http://www.securityfocus.com/bid/30794",
"http://www.vupen.com/english/advisories/2008/2821",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44747"
],
"score": 9.3,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.",
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"weakness": "CWE-20"
},
"CVE-2009-3560": {
"id": "CVE-2009-3560",
"references": [
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165",
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165",
"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
"http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/37537",
"http://secunia.com/advisories/38231",
"http://secunia.com/advisories/38794",
"http://secunia.com/advisories/38832",
"http://secunia.com/advisories/38834",
"http://secunia.com/advisories/39478",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/43300",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026",
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1",
"http://www.debian.org/security/2009/dsa-1953",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:316",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.securityfocus.com/bid/37203",
"http://www.securitytracker.com/id?1023278",
"http://www.ubuntu.com/usn/USN-890-1",
"http://www.ubuntu.com/usn/USN-890-6",
"http://www.vupen.com/english/advisories/2010/0528",
"http://www.vupen.com/english/advisories/2010/0896",
"http://www.vupen.com/english/advisories/2010/1107",
"http://www.vupen.com/english/advisories/2011/0359",
"https://bugzilla.redhat.com/show_bug.cgi?id=533174",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-119"
},
"CVE-2009-3720": {
"id": "CVE-2009-3720",
"references": [
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch",
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.html",
"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
"http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/37324",
"http://secunia.com/advisories/37537",
"http://secunia.com/advisories/37925",
"http://secunia.com/advisories/38050",
"http://secunia.com/advisories/38231",
"http://secunia.com/advisories/38794",
"http://secunia.com/advisories/38832",
"http://secunia.com/advisories/38834",
"http://secunia.com/advisories/39478",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/42326",
"http://secunia.com/advisories/42338",
"http://secunia.com/advisories/43300",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026",
"http://sourceforge.net/tracker/index.php?func=detail&aid=1990430&group_id=10127&atid=110127",
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1",
"http://svn.python.org/view?view=rev&revision=74429",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:211",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:212",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:215",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:216",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:217",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:218",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:219",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:220",
"http://www.openwall.com/lists/oss-security/2009/08/21/2",
"http://www.openwall.com/lists/oss-security/2009/08/26/3",
"http://www.openwall.com/lists/oss-security/2009/08/26/4",
"http://www.openwall.com/lists/oss-security/2009/08/27/6",
"http://www.openwall.com/lists/oss-security/2009/09/06/1",
"http://www.openwall.com/lists/oss-security/2009/10/22/5",
"http://www.openwall.com/lists/oss-security/2009/10/22/9",
"http://www.openwall.com/lists/oss-security/2009/10/23/2",
"http://www.openwall.com/lists/oss-security/2009/10/23/6",
"http://www.openwall.com/lists/oss-security/2009/10/26/3",
"http://www.openwall.com/lists/oss-security/2009/10/28/3",
"http://www.redhat.com/support/errata/RHSA-2010-0002.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.securitytracker.com/id?1023160",
"http://www.ubuntu.com/usn/USN-890-1",
"http://www.ubuntu.com/usn/USN-890-6",
"http://www.vupen.com/english/advisories/2010/0528",
"http://www.vupen.com/english/advisories/2010/0896",
"http://www.vupen.com/english/advisories/2010/1107",
"http://www.vupen.com/english/advisories/2010/3035",
"http://www.vupen.com/english/advisories/2010/3053",
"http://www.vupen.com/english/advisories/2010/3061",
"http://www.vupen.com/english/advisories/2011/0359",
"https://bugs.gentoo.org/show_bug.cgi?id=280615",
"https://bugzilla.redhat.com/show_bug.cgi?id=531697",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11019",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12719",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7112",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01274.html"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2010-1452": {
"id": "CVE-2010-1452",
"references": [
"http://blogs.sun.com/security/entry/cve_2010_1452_mod_dav",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html",
"http://marc.info/?l=apache-announce&m=128009718610929&w=2",
"http://marc.info/?l=bugtraq&m=129190899612998&w=2",
"http://marc.info/?l=bugtraq&m=133355494609819&w=2",
"http://secunia.com/advisories/42367",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.467395",
"http://support.apple.com/kb/HT4581",
"http://ubuntu.com/usn/usn-1021-1",
"http://www.redhat.com/support/errata/RHSA-2010-0659.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.vupen.com/english/advisories/2010/2218",
"http://www.vupen.com/english/advisories/2010/3064",
"http://www.vupen.com/english/advisories/2011/0291",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=49246",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11683",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12341"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-Other"
},
"CVE-2010-1623": {
"id": "CVE-2010-1623",
"references": [
"http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/42015",
"http://secunia.com/advisories/42361",
"http://secunia.com/advisories/42367",
"http://secunia.com/advisories/42403",
"http://secunia.com/advisories/42537",
"http://secunia.com/advisories/43211",
"http://secunia.com/advisories/43285",
"http://security-tracker.debian.org/tracker/CVE-2010-1623",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828",
"http://svn.apache.org/viewvc?view=revision&revision=1003492",
"http://svn.apache.org/viewvc?view=revision&revision=1003493",
"http://svn.apache.org/viewvc?view=revision&revision=1003494",
"http://svn.apache.org/viewvc?view=revision&revision=1003495",
"http://svn.apache.org/viewvc?view=revision&revision=1003626",
"http://ubuntu.com/usn/usn-1021-1",
"http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601",
"http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:192",
"http://www.redhat.com/support/errata/RHSA-2010-0950.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.securityfocus.com/bid/43673",
"http://www.ubuntu.com/usn/USN-1022-1",
"http://www.vupen.com/english/advisories/2010/2556",
"http://www.vupen.com/english/advisories/2010/2557",
"http://www.vupen.com/english/advisories/2010/2806",
"http://www.vupen.com/english/advisories/2010/3064",
"http://www.vupen.com/english/advisories/2010/3065",
"http://www.vupen.com/english/advisories/2010/3074",
"http://www.vupen.com/english/advisories/2011/0358",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-119"
},
"CVE-2010-2068": {
"id": "CVE-2010-2068",
"references": [
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E",
"http://marc.info/?l=apache-announce&m=128009718610929&w=2",
"http://secunia.com/advisories/40206",
"http://secunia.com/advisories/40824",
"http://secunia.com/advisories/41480",
"http://secunia.com/advisories/41490",
"http://secunia.com/advisories/41722",
"http://securitytracker.com/id?1024096",
"http://support.apple.com/kb/HT4581",
"http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4",
"http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch",
"http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch",
"http://www.ibm.com/support/docview.wss?uid=swg1PM16366",
"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.securityfocus.com/archive/1/511809/100/0/threaded",
"http://www.securityfocus.com/bid/40827",
"http://www.vupen.com/english/advisories/2010/1436",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/59413",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2010-4478": {
"id": "CVE-2010-4478",
"references": [
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673",
"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h",
"https://bugzilla.redhat.com/show_bug.cgi?id=659297",
"https://github.com/seb-m/jpake",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673",
"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h",
"https://bugzilla.redhat.com/show_bug.cgi?id=659297",
"https://github.com/seb-m/jpake",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"
],
"score": 7.5,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"weakness": "CWE-287"
},
"CVE-2010-4755": {
"id": "CVE-2010-4755",
"references": [
"http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1",
"http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1",
"http://cxib.net/stuff/glob-0day.c",
"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc",
"http://securityreason.com/achievement_securityalert/89",
"http://securityreason.com/exploitalert/9223",
"http://securityreason.com/securityalert/8116",
"http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1",
"http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp.c#rev1.21.6.1",
"http://cxib.net/stuff/glob-0day.c",
"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc",
"http://securityreason.com/achievement_securityalert/89",
"http://securityreason.com/exploitalert/9223",
"http://securityreason.com/securityalert/8116"
],
"score": 4,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.",
"vector_string": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2010-5107": {
"id": "CVE-2010-5107",
"references": [
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-1591.html",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89",
"http://www.openwall.com/lists/oss-security/2013/02/07/3",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/58162",
"https://bugzilla.redhat.com/show_bug.cgi?id=908707",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-1591.html",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89",
"http://www.openwall.com/lists/oss-security/2013/02/07/3",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/58162",
"https://bugzilla.redhat.com/show_bug.cgi?id=908707",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595"
],
"score": 5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-Other"
},
"CVE-2011-0419": {
"id": "CVE-2011-0419",
"references": [
"http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22",
"http://cxib.net/stuff/apache.fnmatch.phps",
"http://cxib.net/stuff/apr_fnmatch.txts",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://secunia.com/advisories/44490",
"http://secunia.com/advisories/44564",
"http://secunia.com/advisories/44574",
"http://secunia.com/advisories/48308",
"http://securityreason.com/achievement_securityalert/98",
"http://securityreason.com/securityalert/8246",
"http://securitytracker.com/id?1025527",
"http://support.apple.com/kb/HT5002",
"http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902",
"http://svn.apache.org/viewvc?view=revision&revision=1098188",
"http://svn.apache.org/viewvc?view=revision&revision=1098799",
"http://www.apache.org/dist/apr/Announcement1.x.html",
"http://www.apache.org/dist/apr/CHANGES-APR-1.4",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.debian.org/security/2011/dsa-2237",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:084",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.redhat.com/support/errata/RHSA-2011-0507.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=703390",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804",
"http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22",
"http://cxib.net/stuff/apache.fnmatch.phps",
"http://cxib.net/stuff/apr_fnmatch.txts",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://secunia.com/advisories/44490",
"http://secunia.com/advisories/44564",
"http://secunia.com/advisories/44574",
"http://secunia.com/advisories/48308",
"http://securityreason.com/achievement_securityalert/98",
"http://securityreason.com/securityalert/8246",
"http://securitytracker.com/id?1025527",
"http://support.apple.com/kb/HT5002",
"http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902",
"http://svn.apache.org/viewvc?view=revision&revision=1098188",
"http://svn.apache.org/viewvc?view=revision&revision=1098799",
"http://www.apache.org/dist/apr/Announcement1.x.html",
"http://www.apache.org/dist/apr/CHANGES-APR-1.4",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.debian.org/security/2011/dsa-2237",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:084",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.redhat.com/support/errata/RHSA-2011-0507.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=703390",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-770"
},
"CVE-2011-3192": {
"id": "CVE-2011-3192",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html",
"http://blogs.oracle.com/security/entry/security_alert_for_cve_2011",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3e",
"http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3e",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=133477473521382&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://osvdb.org/74721",
"http://seclists.org/fulldisclosure/2011/Aug/175",
"http://secunia.com/advisories/45606",
"http://secunia.com/advisories/45937",
"http://secunia.com/advisories/46000",
"http://secunia.com/advisories/46125",
"http://secunia.com/advisories/46126",
"http://securitytracker.com/id?1025960",
"http://support.apple.com/kb/HT5002",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml",
"http://www.exploit-db.com/exploits/17696",
"http://www.gossamer-threads.com/lists/apache/dev/401638",
"http://www.kb.cert.org/vuls/id/405811",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:130",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"http://www.redhat.com/support/errata/RHSA-2011-1245.html",
"http://www.redhat.com/support/errata/RHSA-2011-1294.html",
"http://www.redhat.com/support/errata/RHSA-2011-1300.html",
"http://www.redhat.com/support/errata/RHSA-2011-1329.html",
"http://www.redhat.com/support/errata/RHSA-2011-1330.html",
"http://www.redhat.com/support/errata/RHSA-2011-1369.html",
"http://www.securityfocus.com/bid/49303",
"http://www.ubuntu.com/usn/USN-1199-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=732928",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/69396",
"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=51714",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827"
],
"score": 7.8,
"services": [
"8087/http"
],
"severity": "high",
"summary": "The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"weakness": "CWE-400"
},
"CVE-2011-3348": {
"id": "CVE-2011-3348",
"references": [
"http://community.jboss.org/message/625307",
"http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21",
"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/46013",
"http://support.apple.com/kb/HT5130",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:168",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.redhat.com/support/errata/RHSA-2011-1391.html",
"http://www.securityfocus.com/bid/49616",
"http://www.securitytracker.com/id?1026054",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/69804",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14941",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18154"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-400"
},
"CVE-2011-3368": {
"id": "CVE-2011-3368",
"references": [
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://osvdb.org/76079",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://seclists.org/fulldisclosure/2011/Oct/232",
"http://seclists.org/fulldisclosure/2011/Oct/273",
"http://secunia.com/advisories/46288",
"http://secunia.com/advisories/46414",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1179239",
"http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt",
"http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42",
"http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48",
"http://www.contextis.com/research/blog/reverseproxybypass/",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.exploit-db.com/exploits/17969",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:144",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.redhat.com/support/errata/RHSA-2011-1391.html",
"http://www.redhat.com/support/errata/RHSA-2011-1392.html",
"http://www.securityfocus.com/bid/49957",
"http://www.securitytracker.com/id?1026144",
"https://bugzilla.redhat.com/show_bug.cgi?id=740045",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/70336",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-20"
},
"CVE-2011-3607": {
"id": "CVE-2011-3607",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/45793",
"http://secunia.com/advisories/48551",
"http://securitytracker.com/id?1026267",
"http://support.apple.com/kb/HT5501",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:003",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.osvdb.org/76744",
"http://www.securityfocus.com/bid/50494",
"https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422",
"https://bugzilla.redhat.com/show_bug.cgi?id=750935",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/71093",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.4,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.",
"vector_string": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"weakness": "CWE-189"
},
"CVE-2011-3639": {
"id": "CVE-2011-3639",
"references": [
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://svn.apache.org/viewvc?view=revision&revision=1188745",
"http://www.debian.org/security/2012/dsa-2405",
"https://bugzilla.redhat.com/show_bug.cgi?id=752080"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-20"
},
"CVE-2011-4317": {
"id": "CVE-2011-4317",
"references": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://thread.gmane.org/gmane.comp.apache.devel/46440",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:003",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securitytracker.com/id?1026353",
"https://bugzilla.redhat.com/show_bug.cgi?id=756483",
"https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-20"
},
"CVE-2011-4327": {
"id": "CVE-2011-4327",
"references": [
"http://www.openssh.com/txt/portable-keysign-rand-helper.adv",
"https://bugzilla.redhat.com/show_bug.cgi?id=755640",
"http://www.openssh.com/txt/portable-keysign-rand-helper.adv",
"https://bugzilla.redhat.com/show_bug.cgi?id=755640"
],
"score": 2.1,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.",
"vector_string": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2011-4415": {
"id": "CVE-2011-4415",
"references": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://www.gossamer-threads.com/lists/apache/dev/403775",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html"
],
"score": 1.2,
"services": [
"8087/http"
],
"severity": "low",
"summary": "The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the \"len +=\" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.",
"vector_string": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2011-5000": {
"id": "CVE-2011-5000",
"references": [
"http://rhn.redhat.com/errata/RHSA-2012-0884.html",
"http://seclists.org/fulldisclosure/2011/Aug/2",
"http://site.pi3.com.pl/adv/ssh_1.txt",
"http://rhn.redhat.com/errata/RHSA-2012-0884.html",
"http://seclists.org/fulldisclosure/2011/Aug/2",
"http://site.pi3.com.pl/adv/ssh_1.txt"
],
"score": 3.5,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.",
"vector_string": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"weakness": "CWE-189"
},
"CVE-2012-0031": {
"id": "CVE-2012-0031",
"references": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/47410",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1230065",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securityfocus.com/bid/51407",
"https://bugzilla.redhat.com/show_bug.cgi?id=773744",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.6,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.",
"vector_string": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2012-0053": {
"id": "CVE-2012-0053",
"references": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=136441204617335&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1235454",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securityfocus.com/bid/51706",
"https://bugzilla.redhat.com/show_bug.cgi?id=785069",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2012-0814": {
"id": "CVE-2012-0814",
"references": [
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673",
"http://openwall.com/lists/oss-security/2012/01/26/15",
"http://openwall.com/lists/oss-security/2012/01/26/16",
"http://openwall.com/lists/oss-security/2012/01/27/1",
"http://openwall.com/lists/oss-security/2012/01/27/4",
"http://osvdb.org/78706",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54",
"http://www.securityfocus.com/bid/51702",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/72756",
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673",
"http://openwall.com/lists/oss-security/2012/01/26/15",
"http://openwall.com/lists/oss-security/2012/01/26/16",
"http://openwall.com/lists/oss-security/2012/01/27/1",
"http://openwall.com/lists/oss-security/2012/01/27/4",
"http://osvdb.org/78706",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54",
"http://www.securityfocus.com/bid/51702",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/72756"
],
"score": 3.5,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.",
"vector_string": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"weakness": "CWE-255"
},
"CVE-2012-0883": {
"id": "CVE-2012-0883",
"references": [
"http://article.gmane.org/gmane.comp.apache.devel/48158",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=134012830914727&w=2",
"http://secunia.com/advisories/48849",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc?view=revision&revision=1296428",
"http://www.apache.org/dist/httpd/Announcement2.4.html",
"http://www.apachelounge.com/Changelog-2.4.html",
"http://www.securityfocus.com/bid/53046",
"http://www.securitytracker.com/id?1026932",
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/74901",
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 6.9,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.",
"vector_string": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2012-2687": {
"id": "CVE-2012-2687",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-1591.html",
"http://rhn.redhat.com/errata/RHSA-2012-1592.html",
"http://rhn.redhat.com/errata/RHSA-2012-1594.html",
"http://rhn.redhat.com/errata/RHSA-2013-0130.html",
"http://secunia.com/advisories/50894",
"http://secunia.com/advisories/51607",
"http://support.apple.com/kb/HT5880",
"http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f",
"http://www.apache.org/dist/httpd/CHANGES_2.4.3",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.securityfocus.com/bid/55131",
"http://www.ubuntu.com/usn/USN-1627-1",
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-1591.html",
"http://rhn.redhat.com/errata/RHSA-2012-1592.html",
"http://rhn.redhat.com/errata/RHSA-2012-1594.html",
"http://rhn.redhat.com/errata/RHSA-2013-0130.html",
"http://secunia.com/advisories/50894",
"http://secunia.com/advisories/51607",
"http://support.apple.com/kb/HT5880",
"http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f",
"http://www.apache.org/dist/httpd/CHANGES_2.4.3",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.securityfocus.com/bid/55131",
"http://www.ubuntu.com/usn/USN-1627-1",
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539"
],
"score": 2.6,
"services": [
"8087/http"
],
"severity": "low",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.",
"vector_string": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2012-3499": {
"id": "CVE-2012-3499",
"references": [
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766&r2=1418752&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625&r2=1413732&diff_format=h",
"http://www.debian.org/security/2013/dsa-2637",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/58165",
"http://www.securityfocus.com/bid/64758",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766&r2=1418752&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625&r2=1413732&diff_format=h",
"http://www.debian.org/security/2013/dsa-2637",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/58165",
"http://www.securityfocus.com/bid/64758",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2012-4557": {
"id": "CVE-2012-4557",
"references": [
"http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://svn.apache.org/viewvc?view=revision&revision=1227298",
"http://www.debian.org/security/2012/dsa-2579",
"https://bugzilla.redhat.com/show_bug.cgi?id=871685",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18938",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19284"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2012-4558": {
"id": "CVE-2012-4558",
"references": [
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?r1=1404653&r2=1413732&diff_format=h",
"http://www.debian.org/security/2013/dsa-2637",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/58165",
"http://www.securityfocus.com/bid/64758",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?r1=1404653&r2=1413732&diff_format=h",
"http://www.debian.org/security/2013/dsa-2637",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/58165",
"http://www.securityfocus.com/bid/64758",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2013-1862": {
"id": "CVE-2013-1862",
"references": [
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html",
"http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT6150",
"http://svn.apache.org/viewvc?view=revision&revision=r1469311",
"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862",
"http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:174",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/59826",
"http://www.securityfocus.com/bid/64758",
"http://www.ubuntu.com/usn/USN-1903-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=953729",
"https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534"
],
"score": 5.1,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.",
"vector_string": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2013-1896": {
"id": "CVE-2013-1896",
"references": [
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html",
"http://rhn.redhat.com/errata/RHSA-2013-1156.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT6150",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?view=log",
"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1896",
"http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.securityfocus.com/bid/61129",
"http://www.ubuntu.com/usn/USN-1903-1",
"https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18835",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19747"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2013-5704": {
"id": "CVE-2013-5704",
"references": [
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://martin.swende.se/blog/HTTPChunked.html",
"http://rhn.redhat.com/errata/RHSA-2015-0325.html",
"http://rhn.redhat.com/errata/RHSA-2015-1249.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:174",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/66550",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://support.apple.com/HT205219",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://martin.swende.se/blog/HTTPChunked.html",
"http://rhn.redhat.com/errata/RHSA-2015-0325.html",
"http://rhn.redhat.com/errata/RHSA-2015-1249.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:174",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/66550",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://support.apple.com/HT205219"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2013-6438": {
"id": "CVE-2013-6438",
"references": [
"http://advisories.mageia.org/MGASA-2014-0135.html",
"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/58230",
"http://secunia.com/advisories/59315",
"http://secunia.com/advisories/59345",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718&r2=1556428&diff_format=h",
"http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"http://www.apache.org/dist/httpd/CHANGES_2.4.9",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/66303",
"http://www.ubuntu.com/usn/USN-2152-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2013-6438",
"https://support.apple.com/HT204659",
"https://support.apple.com/kb/HT6535"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2014-0098": {
"id": "CVE-2014-0098",
"references": [
"http://advisories.mageia.org/MGASA-2014-0135.html",
"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/58230",
"http://secunia.com/advisories/58915",
"http://secunia.com/advisories/59219",
"http://secunia.com/advisories/59315",
"http://secunia.com/advisories/59345",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&r2=1575400&diff_format=h",
"http://www-01.ibm.com/support/docview.wss?uid=swg21668973",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"http://www.apache.org/dist/httpd/CHANGES_2.4.9",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/66303",
"http://www.ubuntu.com/usn/USN-2152-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0098",
"https://support.apple.com/HT204659",
"https://support.apple.com/kb/HT6535"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2014-0118": {
"id": "CVE-2014-0118",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353&r2=1610501&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68745",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120601",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0118",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-400"
},
"CVE-2014-0226": {
"id": "CVE-2014-0226",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://seclists.org/fulldisclosure/2014/Jul/114",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1450998&r2=1610491&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?r1=1588989&r2=1610491&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.exploit-db.com/exploits/34133",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.osvdb.org/109216",
"http://www.securityfocus.com/bid/68678",
"http://zerodayinitiative.com/advisories/ZDI-14-236/",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120603",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0226",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://www.povonsec.com/apache-2-4-7-exploit/"
],
"score": 6.8,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"weakness": "CWE-362"
},
"CVE-2014-0231": {
"id": "CVE-2014-0231",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://secunia.com/advisories/60536",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68742",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120596",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0231",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://secunia.com/advisories/60536",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68742",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120596",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0231",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2014-1692": {
"id": "CVE-2014-1692",
"references": [
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://openwall.com/lists/oss-security/2014/01/29/10",
"http://openwall.com/lists/oss-security/2014/01/29/2",
"http://osvdb.org/102611",
"http://secunia.com/advisories/60184",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10",
"http://www.securityfocus.com/bid/65230",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/90819",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://openwall.com/lists/oss-security/2014/01/29/10",
"http://openwall.com/lists/oss-security/2014/01/29/2",
"http://osvdb.org/102611",
"http://secunia.com/advisories/60184",
"http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h",
"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10",
"http://www.securityfocus.com/bid/65230",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/90819"
],
"score": 7.5,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"weakness": "CWE-119"
},
"CVE-2014-2532": {
"id": "CVE-2014-2532",
"references": [
"http://advisories.mageia.org/MGASA-2014-0143.html",
"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-1552.html",
"http://secunia.com/advisories/57488",
"http://secunia.com/advisories/57574",
"http://secunia.com/advisories/59313",
"http://secunia.com/advisories/59855",
"http://www.debian.org/security/2014/dsa-2894",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.securityfocus.com/bid/66355",
"http://www.securitytracker.com/id/1029925",
"http://www.ubuntu.com/usn/USN-2155-1",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/91986",
"https://support.apple.com/HT205267",
"http://advisories.mageia.org/MGASA-2014-0143.html",
"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-1552.html",
"http://secunia.com/advisories/57488",
"http://secunia.com/advisories/57574",
"http://secunia.com/advisories/59313",
"http://secunia.com/advisories/59855",
"http://www.debian.org/security/2014/dsa-2894",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"http://www.securityfocus.com/bid/66355",
"http://www.securitytracker.com/id/1029925",
"http://www.ubuntu.com/usn/USN-2155-1",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/91986",
"https://support.apple.com/HT205267"
],
"score": 4.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"weakness": "CWE-264"
},
"CVE-2014-2653": {
"id": "CVE-2014-2653",
"references": [
"http://advisories.mageia.org/MGASA-2014-0166.html",
"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://openwall.com/lists/oss-security/2014/03/26/7",
"http://rhn.redhat.com/errata/RHSA-2014-1552.html",
"http://rhn.redhat.com/errata/RHSA-2015-0425.html",
"http://secunia.com/advisories/59855",
"http://www.debian.org/security/2014/dsa-2894",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.securityfocus.com/bid/66459",
"http://www.ubuntu.com/usn/USN-2164-1",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513",
"http://advisories.mageia.org/MGASA-2014-0166.html",
"http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://marc.info/?l=bugtraq&m=141576985122836&w=2",
"http://openwall.com/lists/oss-security/2014/03/26/7",
"http://rhn.redhat.com/errata/RHSA-2014-1552.html",
"http://rhn.redhat.com/errata/RHSA-2015-0425.html",
"http://secunia.com/advisories/59855",
"http://www.debian.org/security/2014/dsa-2894",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:068",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:095",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.securityfocus.com/bid/66459",
"http://www.ubuntu.com/usn/USN-2164-1",
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"
],
"score": 5.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"weakness": "CWE-20"
},
"CVE-2015-0228": {
"id": "CVE-2015-0228",
"references": [
"http://advisories.mageia.org/MGASA-2015-0099.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/73041",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef",
"https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031",
"http://advisories.mageia.org/MGASA-2015-0099.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/73041",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef",
"https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2015-3183": {
"id": "CVE-2015-3183",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"http://rhn.redhat.com/errata/RHSA-2015-1668.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://rhn.redhat.com/errata/RHSA-2016-2054.html",
"http://rhn.redhat.com/errata/RHSA-2016-2055.html",
"http://rhn.redhat.com/errata/RHSA-2016-2056.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4",
"http://www.debian.org/security/2015/dsa-3325",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"http://www.securityfocus.com/bid/75963",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2686-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
"https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/CVE-2015-3183",
"https://security.gentoo.org/glsa/201610-02",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"http://rhn.redhat.com/errata/RHSA-2015-1668.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://rhn.redhat.com/errata/RHSA-2016-2054.html",
"http://rhn.redhat.com/errata/RHSA-2016-2055.html",
"http://rhn.redhat.com/errata/RHSA-2016-2056.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4",
"http://www.debian.org/security/2015/dsa-3325",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"http://www.securityfocus.com/bid/75963",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2686-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
"https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/CVE-2015-3183",
"https://security.gentoo.org/glsa/201610-02",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 5,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "CWE-17"
},
"CVE-2015-5352": {
"id": "CVE-2015-5352",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html",
"http://openwall.com/lists/oss-security/2015/07/01/10",
"http://rhn.redhat.com/errata/RHSA-2016-0741.html",
"http://www.openssh.com/txt/release-6.9",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/75525",
"http://www.securitytracker.com/id/1032797",
"http://www.ubuntu.com/usn/USN-2710-1",
"http://www.ubuntu.com/usn/USN-2710-2",
"https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201512-04",
"https://security.netapp.com/advisory/ntap-20181023-0001/",
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html",
"http://openwall.com/lists/oss-security/2015/07/01/10",
"http://rhn.redhat.com/errata/RHSA-2016-0741.html",
"http://www.openssh.com/txt/release-6.9",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/75525",
"http://www.securitytracker.com/id/1032797",
"http://www.ubuntu.com/usn/USN-2710-1",
"http://www.ubuntu.com/usn/USN-2710-2",
"https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201512-04",
"https://security.netapp.com/advisory/ntap-20181023-0001/"
],
"score": 4.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-264"
},
"CVE-2015-5600": {
"id": "CVE-2015-5600",
"references": [
"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c",
"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html",
"http://openwall.com/lists/oss-security/2015/07/23/4",
"http://rhn.redhat.com/errata/RHSA-2016-0466.html",
"http://seclists.org/fulldisclosure/2015/Jul/92",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"http://www.securityfocus.com/bid/75990",
"http://www.securityfocus.com/bid/91787",
"http://www.securityfocus.com/bid/92012",
"http://www.securitytracker.com/id/1032988",
"http://www.ubuntu.com/usn/USN-2710-1",
"http://www.ubuntu.com/usn/USN-2710-2",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10136",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10157",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201512-04",
"https://security.netapp.com/advisory/ntap-20151106-0001/",
"https://support.apple.com/kb/HT205031",
"https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12",
"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c",
"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43&f=h",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10697",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162955.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html",
"http://openwall.com/lists/oss-security/2015/07/23/4",
"http://rhn.redhat.com/errata/RHSA-2016-0466.html",
"http://seclists.org/fulldisclosure/2015/Jul/92",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"http://www.securityfocus.com/bid/75990",
"http://www.securityfocus.com/bid/91787",
"http://www.securityfocus.com/bid/92012",
"http://www.securitytracker.com/id/1032988",
"http://www.ubuntu.com/usn/USN-2710-1",
"http://www.ubuntu.com/usn/USN-2710-2",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128992",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10136",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10157",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201512-04",
"https://security.netapp.com/advisory/ntap-20151106-0001/",
"https://support.apple.com/kb/HT205031",
"https://www.arista.com/en/support/advisories-notices/security-advisories/1174-security-advisory-12"
],
"score": 8.5,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"weakness": "CWE-264"
},
"CVE-2015-6563": {
"id": "CVE-2015-6563",
"references": [
"http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html",
"http://rhn.redhat.com/errata/RHSA-2016-0741.html",
"http://seclists.org/fulldisclosure/2015/Aug/54",
"http://www.openssh.com/txt/release-7.0",
"http://www.openwall.com/lists/oss-security/2015/08/22/1",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"http://www.securityfocus.com/bid/76317",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201512-04",
"https://security.netapp.com/advisory/ntap-20180201-0002/",
"https://support.apple.com/HT205375",
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766",
"http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html",
"http://rhn.redhat.com/errata/RHSA-2016-0741.html",
"http://seclists.org/fulldisclosure/2015/Aug/54",
"http://www.openssh.com/txt/release-7.0",
"http://www.openwall.com/lists/oss-security/2015/08/22/1",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"http://www.securityfocus.com/bid/76317",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201512-04",
"https://security.netapp.com/advisory/ntap-20180201-0002/",
"https://support.apple.com/HT205375",
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766"
],
"score": 1.8,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.",
"vector_string": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-20"
},
"CVE-2015-6564": {
"id": "CVE-2015-6564",
"references": [
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html",
"http://rhn.redhat.com/errata/RHSA-2016-0741.html",
"http://seclists.org/fulldisclosure/2015/Aug/54",
"http://www.openssh.com/txt/release-7.0",
"http://www.openwall.com/lists/oss-security/2015/08/22/1",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"http://www.securityfocus.com/bid/76317",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10136",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201512-04",
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html",
"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html",
"http://rhn.redhat.com/errata/RHSA-2016-0741.html",
"http://seclists.org/fulldisclosure/2015/Aug/54",
"http://www.openssh.com/txt/release-7.0",
"http://www.openwall.com/lists/oss-security/2015/08/22/1",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"http://www.securityfocus.com/bid/76317",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10136",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201512-04",
"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764"
],
"score": 6.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.",
"vector_string": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"weakness": "CWE-264"
},
"CVE-2016-0777": {
"id": "CVE-2016-0777",
"references": [
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734",
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html",
"http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html",
"http://seclists.org/fulldisclosure/2016/Jan/44",
"http://www.debian.org/security/2016/dsa-3446",
"http://www.openssh.com/txt/release-7.1p2",
"http://www.openwall.com/lists/oss-security/2016/01/14/7",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/archive/1/537295/100/0/threaded",
"http://www.securityfocus.com/bid/80695",
"http://www.securitytracker.com/id/1034671",
"http://www.ubuntu.com/usn/USN-2869-1",
"https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/",
"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/",
"https://bto.bluecoat.com/security-advisory/sa109",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc",
"https://security.gentoo.org/glsa/201601-01",
"https://support.apple.com/HT206167",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734",
"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html",
"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html",
"http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html",
"http://seclists.org/fulldisclosure/2016/Jan/44",
"http://www.debian.org/security/2016/dsa-3446",
"http://www.openssh.com/txt/release-7.1p2",
"http://www.openwall.com/lists/oss-security/2016/01/14/7",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/archive/1/537295/100/0/threaded",
"http://www.securityfocus.com/bid/80695",
"http://www.securitytracker.com/id/1034671",
"http://www.ubuntu.com/usn/USN-2869-1",
"https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/",
"https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/",
"https://bto.bluecoat.com/security-advisory/sa109",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc",
"https://security.gentoo.org/glsa/201601-01",
"https://support.apple.com/HT206167"
],
"score": 6.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2016-10009": {
"id": "CVE-2016-10009",
"references": [
"http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html",
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://seclists.org/fulldisclosure/2023/Jul/31",
"http://www.openwall.com/lists/oss-security/2016/12/19/2",
"http://www.openwall.com/lists/oss-security/2023/07/19/9",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.securityfocus.com/bid/94968",
"http://www.securitytracker.com/id/1037490",
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",
"https://access.redhat.com/errata/RHSA-2017:2029",
"https://bugs.chromium.org/p/project-zero/issues/detail?id=1009",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc",
"https://security.netapp.com/advisory/ntap-20171130-0002/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",
"https://usn.ubuntu.com/3538-1/",
"https://www.exploit-db.com/exploits/40963/",
"https://www.openssh.com/txt/release-7.4",
"http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html",
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://seclists.org/fulldisclosure/2023/Jul/31",
"http://www.openwall.com/lists/oss-security/2016/12/19/2",
"http://www.openwall.com/lists/oss-security/2023/07/19/9",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.securityfocus.com/bid/94968",
"http://www.securitytracker.com/id/1037490",
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",
"https://access.redhat.com/errata/RHSA-2017:2029",
"https://bugs.chromium.org/p/project-zero/issues/detail?id=1009",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc",
"https://security.netapp.com/advisory/ntap-20171130-0002/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",
"https://usn.ubuntu.com/3538-1/",
"https://www.exploit-db.com/exploits/40963/",
"https://www.openssh.com/txt/release-7.4"
],
"score": 7.3,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"weakness": "CWE-426"
},
"CVE-2016-10010": {
"id": "CVE-2016-10010",
"references": [
"http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html",
"http://www.openwall.com/lists/oss-security/2016/12/19/2",
"http://www.securityfocus.com/bid/94972",
"http://www.securitytracker.com/id/1037490",
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",
"https://bugs.chromium.org/p/project-zero/issues/detail?id=1010",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce",
"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc",
"https://security.netapp.com/advisory/ntap-20171130-0002/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",
"https://www.exploit-db.com/exploits/40962/",
"https://www.openssh.com/txt/release-7.4",
"http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html",
"http://www.openwall.com/lists/oss-security/2016/12/19/2",
"http://www.securityfocus.com/bid/94972",
"http://www.securitytracker.com/id/1037490",
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",
"https://bugs.chromium.org/p/project-zero/issues/detail?id=1010",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce",
"https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc",
"https://security.netapp.com/advisory/ntap-20171130-0002/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",
"https://www.exploit-db.com/exploits/40962/",
"https://www.openssh.com/txt/release-7.4"
],
"score": 7,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.",
"vector_string": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-264"
},
"CVE-2016-10011": {
"id": "CVE-2016-10011",
"references": [
"http://www.openwall.com/lists/oss-security/2016/12/19/2",
"http://www.securityfocus.com/bid/94977",
"http://www.securitytracker.com/id/1037490",
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",
"https://access.redhat.com/errata/RHSA-2017:2029",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
"https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.netapp.com/advisory/ntap-20171130-0002/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",
"https://www.openssh.com/txt/release-7.4",
"http://www.openwall.com/lists/oss-security/2016/12/19/2",
"http://www.securityfocus.com/bid/94977",
"http://www.securitytracker.com/id/1037490",
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",
"https://access.redhat.com/errata/RHSA-2017:2029",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
"https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.netapp.com/advisory/ntap-20171130-0002/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",
"https://www.openssh.com/txt/release-7.4"
],
"score": 5.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.",
"vector_string": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-320"
},
"CVE-2016-10012": {
"id": "CVE-2016-10012",
"references": [
"http://www.openwall.com/lists/oss-security/2016/12/19/2",
"http://www.securityfocus.com/bid/94975",
"http://www.securitytracker.com/id/1037490",
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",
"https://access.redhat.com/errata/RHSA-2017:2029",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.netapp.com/advisory/ntap-20171130-0002/",
"https://support.f5.com/csp/article/K62201745?utm_source=f5support&%3Butm_medium=RSS",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",
"https://www.openssh.com/txt/release-7.4",
"http://www.openwall.com/lists/oss-security/2016/12/19/2",
"http://www.securityfocus.com/bid/94975",
"http://www.securitytracker.com/id/1037490",
"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637",
"https://access.redhat.com/errata/RHSA-2017:2029",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.netapp.com/advisory/ntap-20171130-0002/",
"https://support.f5.com/csp/article/K62201745?utm_source=f5support&%3Butm_medium=RSS",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us",
"https://www.openssh.com/txt/release-7.4"
],
"score": 7.8,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",
"vector_string": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-119"
},
"CVE-2016-10708": {
"id": "CVE-2016-10708",
"references": [
"http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html",
"http://www.securityfocus.com/bid/102780",
"https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737",
"https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10284",
"https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.netapp.com/advisory/ntap-20180423-0003/",
"https://support.f5.com/csp/article/K32485746?utm_source=f5support&%3Butm_medium=RSS",
"https://usn.ubuntu.com/3809-1/",
"https://www.openssh.com/releasenotes.html",
"http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html",
"http://www.securityfocus.com/bid/102780",
"https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737",
"https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10284",
"https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.netapp.com/advisory/ntap-20180423-0003/",
"https://support.f5.com/csp/article/K32485746?utm_source=f5support&%3Butm_medium=RSS",
"https://usn.ubuntu.com/3809-1/",
"https://www.openssh.com/releasenotes.html"
],
"score": 7.5,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2016-1908": {
"id": "CVE-2016-1908",
"references": [
"http://openwall.com/lists/oss-security/2016/01/15/13",
"http://rhn.redhat.com/errata/RHSA-2016-0465.html",
"http://rhn.redhat.com/errata/RHSA-2016-0741.html",
"http://www.openssh.com/txt/release-7.2",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/84427",
"http://www.securitytracker.com/id/1034705",
"https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c",
"https://bugzilla.redhat.com/show_bug.cgi?id=1298741",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201612-18",
"http://openwall.com/lists/oss-security/2016/01/15/13",
"http://rhn.redhat.com/errata/RHSA-2016-0465.html",
"http://rhn.redhat.com/errata/RHSA-2016-0741.html",
"http://www.openssh.com/txt/release-7.2",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"http://www.securityfocus.com/bid/84427",
"http://www.securitytracker.com/id/1034705",
"https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c",
"https://bugzilla.redhat.com/show_bug.cgi?id=1298741",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201612-18"
],
"score": 9.8,
"services": [
"22/ssh"
],
"severity": "critical",
"summary": "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-287"
},
"CVE-2016-20012": {
"id": "CVE-2016-20012",
"references": [
"https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
"https://github.com/openssh/openssh-portable/pull/270",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
"https://rushter.com/blog/public-ssh-keys/",
"https://security.netapp.com/advisory/ntap-20211014-0005/",
"https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
"https://www.openwall.com/lists/oss-security/2018/08/24/1",
"https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
"https://github.com/openssh/openssh-portable/pull/270",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
"https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
"https://rushter.com/blog/public-ssh-keys/",
"https://security.netapp.com/advisory/ntap-20211014-0005/",
"https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
"https://www.openwall.com/lists/oss-security/2018/08/24/1"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "NVD-CWE-Other"
},
"CVE-2016-4975": {
"id": "CVE-2016-4975",
"references": [
"http://www.securityfocus.com/bid/105093",
"https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180926-0006/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us"
],
"score": 6.1,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-93"
},
"CVE-2016-5387": {
"id": "CVE-2016-5387",
"references": [
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html",
"http://rhn.redhat.com/errata/RHSA-2016-1624.html",
"http://rhn.redhat.com/errata/RHSA-2016-1625.html",
"http://rhn.redhat.com/errata/RHSA-2016-1648.html",
"http://rhn.redhat.com/errata/RHSA-2016-1649.html",
"http://rhn.redhat.com/errata/RHSA-2016-1650.html",
"http://www.debian.org/security/2016/dsa-3623",
"http://www.kb.cert.org/vuls/id/797896",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"http://www.securityfocus.com/bid/91816",
"http://www.securitytracker.com/id/1036330",
"http://www.ubuntu.com/usn/USN-3038-1",
"https://access.redhat.com/errata/RHSA-2016:1420",
"https://access.redhat.com/errata/RHSA-2016:1421",
"https://access.redhat.com/errata/RHSA-2016:1422",
"https://access.redhat.com/errata/RHSA-2016:1635",
"https://access.redhat.com/errata/RHSA-2016:1636",
"https://access.redhat.com/errata/RHSA-2016:1851",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://httpoxy.org/",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/",
"https://security.gentoo.org/glsa/201701-36",
"https://support.apple.com/HT208221",
"https://www.apache.org/security/asf-httpoxy-response.txt",
"https://www.tenable.com/security/tns-2017-04",
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html",
"http://rhn.redhat.com/errata/RHSA-2016-1624.html",
"http://rhn.redhat.com/errata/RHSA-2016-1625.html",
"http://rhn.redhat.com/errata/RHSA-2016-1648.html",
"http://rhn.redhat.com/errata/RHSA-2016-1649.html",
"http://rhn.redhat.com/errata/RHSA-2016-1650.html",
"http://www.debian.org/security/2016/dsa-3623",
"http://www.kb.cert.org/vuls/id/797896",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"http://www.securityfocus.com/bid/91816",
"http://www.securitytracker.com/id/1036330",
"http://www.ubuntu.com/usn/USN-3038-1",
"https://access.redhat.com/errata/RHSA-2016:1420",
"https://access.redhat.com/errata/RHSA-2016:1421",
"https://access.redhat.com/errata/RHSA-2016:1422",
"https://access.redhat.com/errata/RHSA-2016:1635",
"https://access.redhat.com/errata/RHSA-2016:1636",
"https://access.redhat.com/errata/RHSA-2016:1851",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://httpoxy.org/",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/",
"https://security.gentoo.org/glsa/201701-36",
"https://support.apple.com/HT208221",
"https://www.apache.org/security/asf-httpoxy-response.txt",
"https://www.tenable.com/security/tns-2017-04"
],
"score": 8.1,
"services": [
"8087/http"
],
"severity": "high",
"summary": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2016-8612": {
"id": "CVE-2016-8612",
"references": [
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.securityfocus.com/bid/94939",
"https://access.redhat.com/errata/RHSA-2017:0193",
"https://access.redhat.com/errata/RHSA-2017:0194",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
"https://security.netapp.com/advisory/ntap-20180601-0005/",
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.securityfocus.com/bid/94939",
"https://access.redhat.com/errata/RHSA-2017:0193",
"https://access.redhat.com/errata/RHSA-2017:0194",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
"https://security.netapp.com/advisory/ntap-20180601-0005/"
],
"score": 4.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.",
"vector_string": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-20"
},
"CVE-2016-8743": {
"id": "CVE-2016-8743",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95077",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://access.redhat.com/errata/RHSA-2017:1721",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.tenable.com/security/tns-2017-04",
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95077",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://access.redhat.com/errata/RHSA-2017:1721",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.tenable.com/security/tns-2017-04"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2017-15906": {
"id": "CVE-2017-15906",
"references": [
"http://www.securityfocus.com/bid/101552",
"https://access.redhat.com/errata/RHSA-2018:0980",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201801-05",
"https://security.netapp.com/advisory/ntap-20180423-0004/",
"https://www.openssh.com/txt/release-7.6",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"http://www.securityfocus.com/bid/101552",
"https://access.redhat.com/errata/RHSA-2018:0980",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19",
"https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html",
"https://security.gentoo.org/glsa/201801-05",
"https://security.netapp.com/advisory/ntap-20180423-0004/",
"https://www.openssh.com/txt/release-7.6",
"https://www.oracle.com/security-alerts/cpujan2020.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-732"
},
"CVE-2017-3167": {
"id": "CVE-2017-3167",
"references": [
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99135",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99135",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-287"
},
"CVE-2017-3169": {
"id": "CVE-2017-3169",
"references": [
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99134",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-3169",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-476"
},
"CVE-2017-7679": {
"id": "CVE-2017-7679",
"references": [
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99170",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99170",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-126"
},
"CVE-2017-9788": {
"id": "CVE-2017-9788",
"references": [
"http://www.debian.org/security/2017/dsa-3913",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99569",
"http://www.securitytracker.com/id/1038906",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://httpd.apache.org/security/vulnerabilities_22.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20170911-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3913",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99569",
"http://www.securitytracker.com/id/1038906",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://httpd.apache.org/security/vulnerabilities_22.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20170911-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.1,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-20"
},
"CVE-2017-9798": {
"id": "CVE-2017-9798",
"references": [
"http://openwall.com/lists/oss-security/2017/09/18/2",
"http://www.debian.org/security/2017/dsa-3980",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/100872",
"http://www.securityfocus.com/bid/105598",
"http://www.securitytracker.com/id/1039387",
"https://access.redhat.com/errata/RHSA-2017:2882",
"https://access.redhat.com/errata/RHSA-2017:2972",
"https://access.redhat.com/errata/RHSA-2017:3018",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"https://github.com/hannob/optionsbleed",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security-tracker.debian.org/tracker/CVE-2017-9798",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0003/",
"https://support.apple.com/HT208331",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"https://www.exploit-db.com/exploits/42745/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.tenable.com/security/tns-2019-09",
"http://openwall.com/lists/oss-security/2017/09/18/2",
"http://www.debian.org/security/2017/dsa-3980",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/100872",
"http://www.securityfocus.com/bid/105598",
"http://www.securitytracker.com/id/1039387",
"https://access.redhat.com/errata/RHSA-2017:2882",
"https://access.redhat.com/errata/RHSA-2017:2972",
"https://access.redhat.com/errata/RHSA-2017:3018",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"https://github.com/hannob/optionsbleed",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security-tracker.debian.org/tracker/CVE-2017-9798",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0003/",
"https://support.apple.com/HT208331",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"https://www.exploit-db.com/exploits/42745/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-416"
},
"CVE-2018-1301": {
"id": "CVE-2018-1301",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/2",
"http://www.securityfocus.com/bid/103515",
"http://www.securitytracker.com/id/1040573",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/2",
"http://www.securityfocus.com/bid/103515",
"http://www.securitytracker.com/id/1040573",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-119"
},
"CVE-2018-1302": {
"id": "CVE-2018-1302",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/5",
"http://www.securityfocus.com/bid/103528",
"http://www.securitytracker.com/id/1040567",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/5",
"http://www.securityfocus.com/bid/103528",
"http://www.securitytracker.com/id/1040567",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2018-1303": {
"id": "CVE-2018-1303",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/3",
"http://www.securityfocus.com/bid/103522",
"http://www.securitytracker.com/id/1040572",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/3",
"http://www.securityfocus.com/bid/103522",
"http://www.securitytracker.com/id/1040572",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2018-15473": {
"id": "CVE-2018-15473",
"references": [
"http://www.openwall.com/lists/oss-security/2018/08/15/5",
"http://www.securityfocus.com/bid/105140",
"http://www.securitytracker.com/id/1041487",
"https://access.redhat.com/errata/RHSA-2019:0711",
"https://access.redhat.com/errata/RHSA-2019:2143",
"https://bugs.debian.org/906236",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011",
"https://security.gentoo.org/glsa/201810-03",
"https://security.netapp.com/advisory/ntap-20181101-0001/",
"https://usn.ubuntu.com/3809-1/",
"https://www.debian.org/security/2018/dsa-4280",
"https://www.exploit-db.com/exploits/45210/",
"https://www.exploit-db.com/exploits/45233/",
"https://www.exploit-db.com/exploits/45939/",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"http://www.openwall.com/lists/oss-security/2018/08/15/5",
"http://www.securityfocus.com/bid/105140",
"http://www.securitytracker.com/id/1041487",
"https://access.redhat.com/errata/RHSA-2019:0711",
"https://access.redhat.com/errata/RHSA-2019:2143",
"https://bugs.debian.org/906236",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0",
"https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011",
"https://security.gentoo.org/glsa/201810-03",
"https://security.netapp.com/advisory/ntap-20181101-0001/",
"https://usn.ubuntu.com/3809-1/",
"https://www.debian.org/security/2018/dsa-4280",
"https://www.exploit-db.com/exploits/45210/",
"https://www.exploit-db.com/exploits/45233/",
"https://www.exploit-db.com/exploits/45939/",
"https://www.oracle.com/security-alerts/cpujan2020.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-362"
},
"CVE-2018-20685": {
"id": "CVE-2018-20685",
"references": [
"http://www.securityfocus.com/bid/106531",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://security.gentoo.org/glsa/201903-16",
"https://security.gentoo.org/glsa/202007-53",
"https://security.netapp.com/advisory/ntap-20190215-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://www.securityfocus.com/bid/106531",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
"https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://security.gentoo.org/glsa/201903-16",
"https://security.gentoo.org/glsa/202007-53",
"https://security.netapp.com/advisory/ntap-20190215-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"weakness": "CWE-863"
},
"CVE-2019-6109": {
"id": "CVE-2019-6109",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"weakness": "CWE-116"
},
"CVE-2019-6110": {
"id": "CVE-2019-6110",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://www.exploit-db.com/exploits/46193/",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://www.exploit-db.com/exploits/46193/"
],
"score": 6.8,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"weakness": "CWE-838"
},
"CVE-2019-6111": {
"id": "CVE-2019-6111",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"http://www.openwall.com/lists/oss-security/2019/04/18/1",
"http://www.openwall.com/lists/oss-security/2022/08/02/1",
"http://www.securityfocus.com/bid/106741",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://usn.ubuntu.com/3885-2/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.exploit-db.com/exploits/46193/",
"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
"http://www.openwall.com/lists/oss-security/2019/04/18/1",
"http://www.openwall.com/lists/oss-security/2022/08/02/1",
"http://www.securityfocus.com/bid/106741",
"https://access.redhat.com/errata/RHSA-2019:3702",
"https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
"https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
"https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
"https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
"https://security.gentoo.org/glsa/201903-16",
"https://security.netapp.com/advisory/ntap-20190213-0001/",
"https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"https://usn.ubuntu.com/3885-1/",
"https://usn.ubuntu.com/3885-2/",
"https://www.debian.org/security/2019/dsa-4387",
"https://www.exploit-db.com/exploits/46193/",
"https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-22"
},
"CVE-2020-15778": {
"id": "CVE-2020-15778",
"references": [
"https://access.redhat.com/errata/RHSA-2024:3166",
"https://github.com/cpandya2909/CVE-2020-15778/",
"https://news.ycombinator.com/item?id=25005567",
"https://security.gentoo.org/glsa/202212-06",
"https://security.netapp.com/advisory/ntap-20200731-0007/",
"https://www.openssh.com/security.html",
"https://access.redhat.com/errata/RHSA-2024:3166",
"https://github.com/cpandya2909/CVE-2020-15778/",
"https://news.ycombinator.com/item?id=25005567",
"https://security.gentoo.org/glsa/202212-06",
"https://security.netapp.com/advisory/ntap-20200731-0007/",
"https://www.openssh.com/security.html"
],
"score": 7.8,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \"anomalous argument transfers\" because that could \"stand a great chance of breaking existing workflows.\"",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"weakness": "CWE-78"
},
"CVE-2021-34798": {
"id": "CVE-2021-34798",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2021-36368": {
"id": "CVE-2021-36368",
"references": [
"https://bugzilla.mindrot.org/show_bug.cgi?id=3316",
"https://docs.ssh-mitm.at/trivialauth.html",
"https://github.com/openssh/openssh-portable/pull/258",
"https://security-tracker.debian.org/tracker/CVE-2021-36368",
"https://www.openssh.com/security.html",
"https://bugzilla.mindrot.org/show_bug.cgi?id=3316",
"https://docs.ssh-mitm.at/trivialauth.html",
"https://github.com/openssh/openssh-portable/pull/258",
"https://security-tracker.debian.org/tracker/CVE-2021-36368",
"https://www.openssh.com/security.html"
],
"score": 3.7,
"services": [
"22/ssh"
],
"severity": "low",
"summary": "An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is \"this is not an authentication bypass, since nothing is being bypassed.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-287"
},
"CVE-2021-39275": {
"id": "CVE-2021-39275",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html"
],
"score": 9.8,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2021-40438": {
"id": "CVE-2021-40438",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 9,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-918"
},
"CVE-2021-44790": {
"id": "CVE-2021-44790",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03"
],
"score": 9.8,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2022-22719": {
"id": "CVE-2022-22719",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-665"
},
"CVE-2022-22720": {
"id": "CVE-2022-22720",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.8,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2022-22721": {
"id": "CVE-2022-22721",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.1,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"weakness": "CWE-190"
},
"CVE-2022-28330": {
"id": "CVE-2022-28330",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-125"
},
"CVE-2022-28614": {
"id": "CVE-2022-28614",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-190"
},
"CVE-2022-28615": {
"id": "CVE-2022-28615",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.1,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-190"
},
"CVE-2022-29404": {
"id": "CVE-2022-29404",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2022-30556": {
"id": "CVE-2022-30556",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2022-31813": {
"id": "CVE-2022-31813",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.8,
"services": [
"8087/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-348"
},
"CVE-2022-37436": {
"id": "CVE-2022-37436",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 5.3,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-113"
},
"CVE-2023-31122": {
"id": "CVE-2023-31122",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2023-38408": {
"id": "CVE-2023-38408",
"references": [
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.openwall.com/lists/oss-security/2023/07/20/2",
"http://www.openwall.com/lists/oss-security/2023/09/22/11",
"http://www.openwall.com/lists/oss-security/2023/09/22/9",
"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8",
"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d",
"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca",
"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/",
"https://news.ycombinator.com/item?id=36790196",
"https://security.gentoo.org/glsa/202307-01",
"https://security.netapp.com/advisory/ntap-20230803-0010/",
"https://support.apple.com/kb/HT213940",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-9.3p2",
"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt",
"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408",
"http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html",
"http://www.openwall.com/lists/oss-security/2023/07/20/1",
"http://www.openwall.com/lists/oss-security/2023/07/20/2",
"http://www.openwall.com/lists/oss-security/2023/09/22/11",
"http://www.openwall.com/lists/oss-security/2023/09/22/9",
"https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent",
"https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8",
"https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d",
"https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca",
"https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/",
"https://news.ycombinator.com/item?id=36790196",
"https://security.gentoo.org/glsa/202307-01",
"https://security.netapp.com/advisory/ntap-20230803-0010/",
"https://support.apple.com/kb/HT213940",
"https://www.openssh.com/security.html",
"https://www.openssh.com/txt/release-9.3p2",
"https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt",
"https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408"
],
"score": 9.8,
"services": [
"22/ssh"
],
"severity": "critical",
"summary": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-428"
},
"CVE-2023-45802": {
"id": "CVE-2023-45802",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 5.9,
"services": [
"8087/http"
],
"severity": "medium",
"summary": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.nnThis was found by the reporter during testing ofxa0CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.nnUsers are recommended to upgrade to version 2.4.58, which fixes the issue.n",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2023-48795": {
"id": "CVE-2023-48795",
"references": [
"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/18/3",
"http://www.openwall.com/lists/oss-security/2023/12/19/5",
"http://www.openwall.com/lists/oss-security/2023/12/20/3",
"http://www.openwall.com/lists/oss-security/2024/03/06/3",
"http://www.openwall.com/lists/oss-security/2024/04/17/8",
"https://access.redhat.com/security/cve/cve-2023-48795",
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
"https://bugs.gentoo.org/920280",
"https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
"https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"https://crates.io/crates/thrussh/versions",
"https://filezilla-project.org/versions.php",
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"https://github.com/NixOS/nixpkgs/pull/275249",
"https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
"https://github.com/advisories/GHSA-45x7-px36-x8w8",
"https://github.com/apache/mina-sshd/issues/445",
"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
"https://github.com/cyd01/KiTTY/issues/520",
"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"https://github.com/hierynomus/sshj/issues/916",
"https://github.com/janmojzis/tinyssh/issues/81",
"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
"https://github.com/libssh2/libssh2/pull/1291",
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
"https://github.com/mwiede/jsch/issues/457",
"https://github.com/mwiede/jsch/pull/461",
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
"https://github.com/openssh/openssh-portable/commits/master",
"https://github.com/paramiko/paramiko/issues/2337",
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/issues/456",
"https://github.com/rapier1/hpn-ssh/releases",
"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"https://github.com/ronf/asyncssh/tags",
"https://github.com/ssh-mitm/ssh-mitm/issues/165",
"https://github.com/warp-tech/russh/releases/tag/v0.40.2",
"https://gitlab.com/libssh/libssh-mirror/-/tags",
"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
"https://help.panic.com/releasenotes/transmit5/",
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
"https://matt.ucc.asn.au/dropbear/CHANGES",
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
"https://news.ycombinator.com/item?id=38684904",
"https://news.ycombinator.com/item?id=38685286",
"https://news.ycombinator.com/item?id=38732005",
"https://nova.app/releases/#v11.8",
"https://oryx-embedded.com/download/#changelog",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
"https://roumenpetrov.info/secsh/#news20231220",
"https://security-tracker.debian.org/tracker/CVE-2023-48795",
"https://security-tracker.debian.org/tracker/source-package/libssh2",
"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
"https://security.gentoo.org/glsa/202312-16",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0004/",
"https://support.apple.com/kb/HT214084",
"https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"https://twitter.com/TrueSkrillor/status/1736774389725565005",
"https://ubuntu.com/security/CVE-2023-48795",
"https://winscp.net/eng/docs/history#6.2.2",
"https://www.bitvise.com/ssh-client-version-history#933",
"https://www.bitvise.com/ssh-server-version-history",
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.debian.org/security/2023/dsa-5588",
"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
"https://www.netsarang.com/en/xshell-update-history/",
"https://www.openssh.com/openbsd.html",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"https://www.openwall.com/lists/oss-security/2023/12/20/3",
"https://www.paramiko.org/changelog.html",
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
"https://www.terrapin-attack.com",
"https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
"https://www.vandyke.com/products/securecrt/history.txt",
"http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/18/3",
"http://www.openwall.com/lists/oss-security/2023/12/19/5",
"http://www.openwall.com/lists/oss-security/2023/12/20/3",
"http://www.openwall.com/lists/oss-security/2024/03/06/3",
"http://www.openwall.com/lists/oss-security/2024/04/17/8",
"https://access.redhat.com/security/cve/cve-2023-48795",
"https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
"https://bugs.gentoo.org/920280",
"https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
"https://bugzilla.suse.com/show_bug.cgi?id=1217950",
"https://crates.io/crates/thrussh/versions",
"https://filezilla-project.org/versions.php",
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
"https://github.com/NixOS/nixpkgs/pull/275249",
"https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
"https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
"https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
"https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
"https://github.com/advisories/GHSA-45x7-px36-x8w8",
"https://github.com/apache/mina-sshd/issues/445",
"https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
"https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
"https://github.com/cyd01/KiTTY/issues/520",
"https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
"https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
"https://github.com/hierynomus/sshj/issues/916",
"https://github.com/janmojzis/tinyssh/issues/81",
"https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
"https://github.com/libssh2/libssh2/pull/1291",
"https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
"https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
"https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
"https://github.com/mwiede/jsch/issues/457",
"https://github.com/mwiede/jsch/pull/461",
"https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
"https://github.com/openssh/openssh-portable/commits/master",
"https://github.com/paramiko/paramiko/issues/2337",
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
"https://github.com/proftpd/proftpd/issues/456",
"https://github.com/rapier1/hpn-ssh/releases",
"https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
"https://github.com/ronf/asyncssh/tags",
"https://github.com/ssh-mitm/ssh-mitm/issues/165",
"https://github.com/warp-tech/russh/releases/tag/v0.40.2",
"https://gitlab.com/libssh/libssh-mirror/-/tags",
"https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
"https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
"https://help.panic.com/releasenotes/transmit5/",
"https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
"https://matt.ucc.asn.au/dropbear/CHANGES",
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
"https://news.ycombinator.com/item?id=38684904",
"https://news.ycombinator.com/item?id=38685286",
"https://news.ycombinator.com/item?id=38732005",
"https://nova.app/releases/#v11.8",
"https://oryx-embedded.com/download/#changelog",
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
"https://roumenpetrov.info/secsh/#news20231220",
"https://security-tracker.debian.org/tracker/CVE-2023-48795",
"https://security-tracker.debian.org/tracker/source-package/libssh2",
"https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
"https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
"https://security.gentoo.org/glsa/202312-16",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0004/",
"https://support.apple.com/kb/HT214084",
"https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
"https://twitter.com/TrueSkrillor/status/1736774389725565005",
"https://ubuntu.com/security/CVE-2023-48795",
"https://winscp.net/eng/docs/history#6.2.2",
"https://www.bitvise.com/ssh-client-version-history#933",
"https://www.bitvise.com/ssh-server-version-history",
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
"https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.debian.org/security/2023/dsa-5588",
"https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
"https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
"https://www.netsarang.com/en/xshell-update-history/",
"https://www.openssh.com/openbsd.html",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"https://www.openwall.com/lists/oss-security/2023/12/20/3",
"https://www.paramiko.org/changelog.html",
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
"https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
"https://www.terrapin-attack.com",
"https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
"https://www.vandyke.com/products/securecrt/history.txt",
"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit",
"https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
],
"score": 5.9,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in [email protected] and (if CBC is used) the [email protected] MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-354"
},
"CVE-2023-51384": {
"id": "CVE-2023-51384",
"references": [
"http://seclists.org/fulldisclosure/2024/Mar/21",
"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2"
],
"score": 5.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2023-51385": {
"id": "CVE-2023-51385",
"references": [
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/26/4",
"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2",
"http://seclists.org/fulldisclosure/2024/Mar/21",
"http://www.openwall.com/lists/oss-security/2023/12/26/4",
"https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a",
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
"https://security.gentoo.org/glsa/202312-17",
"https://security.netapp.com/advisory/ntap-20240105-0005/",
"https://support.apple.com/kb/HT214084",
"https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html",
"https://www.debian.org/security/2023/dsa-5586",
"https://www.openssh.com/txt/release-9.6",
"https://www.openwall.com/lists/oss-security/2023/12/18/2"
],
"score": 6.5,
"services": [
"22/ssh"
],
"severity": "medium",
"summary": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"weakness": "CWE-78"
},
"CVE-2023-51767": {
"id": "CVE-2023-51767",
"references": [
"https://access.redhat.com/security/cve/CVE-2023-51767",
"https://arxiv.org/abs/2309.02545",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255850",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"https://security.netapp.com/advisory/ntap-20240125-0006/",
"https://ubuntu.com/security/CVE-2023-51767",
"https://access.redhat.com/security/cve/CVE-2023-51767",
"https://arxiv.org/abs/2309.02545",
"https://bugzilla.redhat.com/show_bug.cgi?id=2255850",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77",
"https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878",
"https://security.netapp.com/advisory/ntap-20240125-0006/",
"https://ubuntu.com/security/CVE-2023-51767"
],
"score": 7,
"services": [
"22/ssh"
],
"severity": "high",
"summary": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.",
"vector_string": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-Other"
},
"CVE-2024-40898": {
"id": "CVE-2024-40898",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2024/07/17/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240808-0006/"
],
"score": 7.5,
"services": [
"8087/http"
],
"severity": "high",
"summary": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue. ",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-918"
}
}
}