{
  "scan_id": 1748787635,
  "ip": "177.11.14.16",
  "is_ipv4": true,
  "is_ipv6": false,
  "location": {
    "network": "177.11.12.0/22",
    "postal_code": "06500",
    "coordinates": {
      "latitude": "-23.4418",
      "longitude": "-46.9157"
    },
    "geo_point": "-23.4418, -46.9157",
    "locale_code": "en",
    "continent": "South America",
    "country_code": "BR",
    "country_name": "Brazil",
    "city": "Santana de Parnaíba"
  },
  "location_updated_at": "2025-06-01T16:41:32Z",
  "asn": {
    "number": "AS262277",
    "organization": "ADV NET SOLUTION INFORMATICA LTDA EPP",
    "country_code": "BR"
  },
  "asn_updated_at": "0001-01-01T00:00:00Z",
  "whois": {
    "network": "",
    "organization": "",
    "descr": "",
    "_encoding": {
      "raw": ""
    }
  },
  "whois_updated_at": "0001-01-01T00:00:00Z",
  "tags": [
    {
      "name": "is_anonymous_proxy",
      "pretty_name": "Anonymous Proxy",
      "value": false,
      "last_updated_at": "2025-06-01T16:41:32Z"
    },
    {
      "name": "is_cdn",
      "pretty_name": "CDN",
      "value": false,
      "last_updated_at": "2025-06-01T19:24:16Z"
    },
    {
      "name": "is_satellite_provider",
      "pretty_name": "Satellite Provider",
      "value": false,
      "last_updated_at": "2025-06-01T16:41:32Z"
    }
  ],
  "services": [
    {
      "port": 443,
      "protocol": "tcp",
      "name": "http",
      "version": "2.2.22",
      "product": "Apache httpd",
      "extra_info": "(Debian)",
      "tunnel": "ssl",
      "softwares": [
        {
          "uri": "cpe:/a:apache:http_server:2.2.22",
          "part": "a",
          "vendor": "apache",
          "product": "http_server",
          "version": "2\\.2\\.22",
          "language": "ANY",
          "edition": "ANY",
          "update": "ANY"
        }
      ],
      "modules": {
        "http": {
          "body": "<!DOCTYPE html>\n<html>\n<head>\n    \n    \n\n    <meta charset=\"utf-8\"/>\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge\" />\n    <title>Logon - SINEMA Remote Connect</title>\n\n    <link rel=\"stylesheet\" href=\"/static/css/normalize.css\"/>\n    <link rel=\"stylesheet\" href=\"/static/css/layout.css\"/>\n    <link rel=\"stylesheet\" href=\"/static/css/login.css\"/>\n    <link rel=\"stylesheet\" href=\"/static/css/font-awesome.css\"/>\n\n    <script type=\"text/javascript\" src=\"/static/js/jquery.js\"></script>\n    <script type=\"text/javascript\" src=\"/static/js/sinemarc.js\"></script>\n</head>\n<body>\n\n    \n\n\n\n<div class=\"header clearfix\">\n    <img src=\"/static/img/logo.gif\" alt=\"SIEMENS\" class=\"logo\"/>\n    <span class=\"product-name\">SINEMA Remote Connect</span>\n\n    <div class=\"language-selector\">\n        <form action=\"/i18n/setlang/\" method=\"POST\">\n            <input type='hidden' name='csrfmiddlewaretoken' value='Czs0aNHLtKlRC4q4qhNbbvrSCwpxDomx' />\n\n            <label for=\"id_language_selector\">Language</label>:\n            <select id=\"id_language_selector\" name=\"language\" onChange=\"submit()\">\n                \n                \n                    <option value=\"de\">\n                        Deutsch\n                    </option>\n                \n                    <option value=\"en\" selected=\"selected\">\n                        English\n                    </option>\n                \n            </select>\n        </form>\n    </div>\n\n    <div class=\"clock\">1748872423#en#0#</div>\n\n    <div class=\"online-help\">\n        <a href=\"#\" onClick=\"openHelpWindow('/static/help/en/login_help.htm');\">Help<i class=\"fa fa-question-circle fa-fw\"></i></a>\n    </div>\n</div>\n\n\n    <div class=\"content\">\n\n        <form action=\"/wbm/login/\" method=\"POST\" class=\"login-form\">\n            <input type='hidden' name='csrfmiddlewaretoken' value='Czs0aNHLtKlRC4q4qhNbbvrSCwpxDomx' />\n            <input id=\"id_utcoffset\" name=\"utcoffset\" type=\"hidden\" value=\"0\"/>\n\n            <div class=\"form-row\">\n                <label for=\"id_username\">User name:</label>\n                <input id=\"id_username\" maxlength=\"254\" name=\"username\" type=\"text\" />\n            </div>\n\n            <div class=\"form-row\">\n                <label for=\"id_password\">Password:</label>\n                <input id=\"id_password\" name=\"password\" type=\"password\" autocomplete=\"off\"/>\n            </div>\n\n            \n\n            <div class=\"form-row\">\n                <label for=\"id_submit\">&nbsp;</label>\n                <button id=\"id_submit\" type=\"submit\"><span class=\"button\">Log on</span></button>\n            </div>\n        </form>\n\n        \n\n    </div>\n\n    <script type=\"text/javascript\">\n    <!--\n\n    var d = new Date();\n    $(\"#id_utcoffset\").prop('value', d.getTimezoneOffset() * -1);\n\n    var usernameInput = $(\"#id_username\");\n    usernameInput.focus().val(usernameInput.val());\n\n    -->\n    </script>\n</body>\n</html>\n",
          "body_murmur": -1537999159,
          "body_sha256": "badb1f0835283bc638507a1351eff44fc40304ceee6e4df7ebae8bd23f04e6bf",
          "component": [
            "Apache HTTP Server:2.2.22",
            "Debian",
            "Django",
            "Python"
          ],
          "content_length": -1,
          "headers": {
            "cache_control": [
              "max-age=0"
            ],
            "content_language": [
              "en"
            ],
            "content_type": [
              "text/html; charset=utf-8"
            ],
            "date": [
              "Mon, 02 Jun 2025 13:53:43 GMT"
            ],
            "expires": [
              "Mon, 02 Jun 2025 13:53:43 GMT"
            ],
            "last_modified": [
              "Mon, 02 Jun 2025 13:53:43 GMT"
            ],
            "server": [
              "Apache/2.2.22 (Debian)"
            ],
            "set_cookie": [
              "csrftoken=Czs0aNHLtKlRC4q4qhNbbvrSCwpxDomx; expires=Mon, 01-Jun-2026 13:53:43 GMT; httponly; Max-Age=31449600; Path=/; secure",
              "sessionid=89hbq4ak4jndnvnx3q8bsoz273dvqlsv; httponly; Path=/; secure"
            ],
            "vary": [
              "Cookie,Accept-Language,Accept-Encoding"
            ]
          },
          "protocol": "HTTP/1.1",
          "redirects": [
            {
              "content_length": -1,
              "headers": {
                "content_language": [
                  "en"
                ],
                "content_type": [
                  "text/html; charset=utf-8"
                ],
                "date": [
                  "Mon, 02 Jun 2025 13:53:43 GMT"
                ],
                "location": [
                  "https://177.11.14.16/wbm/login/"
                ],
                "server": [
                  "Apache/2.2.22 (Debian)"
                ],
                "vary": [
                  "Accept-Language,Cookie,Accept-Encoding"
                ]
              },
              "location": "https://177.11.14.16/wbm/login/",
              "protocol": "HTTP/1.1",
              "status_code": 302,
              "status_line": "302 FOUND"
            }
          ],
          "request": {
            "headers": {
              "accept": [
                "*/*"
              ],
              "referer": [
                "https://177.11.14.16"
              ],
              "user_agent": [
                "Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
              ]
            },
            "method": "GET",
            "url": {
              "host": "177.11.14.16",
              "path": "/wbm/login/",
              "scheme": "https"
            }
          },
          "status_code": 200,
          "title": "Logon - SINEMA Remote Connect"
        },
        "tls": {
          "certificate": {
            "extensions": {
              "basic_constraints": {
                "is_ca": true
              },
              "extended_key_usage": {
                "any": false,
                "apple_code_signing": false,
                "apple_code_signing_development": false,
                "apple_code_signing_third_party": false,
                "apple_crypto_development_env": false,
                "apple_crypto_env": false,
                "apple_crypto_maintenance_env": false,
                "apple_crypto_production_env": false,
                "apple_crypto_qos": false,
                "apple_crypto_test_env": false,
                "apple_crypto_tier0_qos": false,
                "apple_crypto_tier1_qos": false,
                "apple_crypto_tier2_qos": false,
                "apple_crypto_tier3_qos": false,
                "apple_ichat_encryption": false,
                "apple_ichat_signing": false,
                "apple_resource_signing": false,
                "apple_software_update_signing": false,
                "apple_system_identity": false,
                "client_auth": false,
                "code_signing": false,
                "dvcs": false,
                "eap_over_lan": false,
                "eap_over_ppp": false,
                "email_protection": false,
                "ipsec_end_system": false,
                "ipsec_intermediate_system_usage": false,
                "ipsec_tunnel": false,
                "ipsec_user": false,
                "microsoft_ca_exchange": false,
                "microsoft_cert_trust_list_signing": false,
                "microsoft_csp_signature": false,
                "microsoft_document_signing": false,
                "microsoft_drm": false,
                "microsoft_drm_individualization": false,
                "microsoft_efs_recovery": false,
                "microsoft_embedded_nt_crypto": false,
                "microsoft_encrypted_file_system": false,
                "microsoft_enrollment_agent": false,
                "microsoft_kernel_mode_code_signing": false,
                "microsoft_key_recovery_21": false,
                "microsoft_key_recovery_3": false,
                "microsoft_license_server": false,
                "microsoft_licenses": false,
                "microsoft_lifetime_signing": false,
                "microsoft_mobile_device_software": false,
                "microsoft_nt5_crypto": false,
                "microsoft_oem_whql_crypto": false,
                "microsoft_qualified_subordinate": false,
                "microsoft_root_list_signer": false,
                "microsoft_server_gated_crypto": false,
                "microsoft_sgc_serialized": false,
                "microsoft_smart_display": false,
                "microsoft_smartcard_logon": false,
                "microsoft_system_health": false,
                "microsoft_system_health_loophole": false,
                "microsoft_timestamp_signing": false,
                "microsoft_whql_crypto": false,
                "netscape_server_gated_crypto": false,
                "ocsp_signing": false,
                "sbgp_cert_aa_service_auth": false,
                "server_auth": true,
                "time_stamping": false
              },
              "key_usage": {
                "certificate_sign": false,
                "content_commitment": false,
                "crl_sign": false,
                "data_encipherment": false,
                "decipher_only": false,
                "digital_signature": true,
                "encipher_only": false,
                "key_agreement": false,
                "key_encipherment": true
              },
              "subject_alt_name": {
                "ip_address": [
                  "177.11.14.16",
                  "192.168.0.16"
                ]
              }
            },
            "fingerprint_md5": "6E58BD172F0C80D2B6BC452560172805",
            "fingerprint_sha1": "01502EB99CA60F6F66CFB92E490CB29E5D59CDAA",
            "fingerprint_sha256": "163E458C0BDF42C2AE1E0E581DF1B60F427C428DD0EEDF9F3F7006015B4E86E3",
            "issuer": {
              "common_name": [
                "CA 000001 SINEMA RC"
              ]
            },
            "issuer_dn": "/CN=CA 000001 SINEMA RC",
            "jarm": "00000000000000000000000000000000000000000000000000000000000000",
            "redacted": false,
            "revocation": {
              "ocsp": {
                "reason": "UNKNOWN",
                "revoked": false
              }
            },
            "serial_number": "146",
            "signature": {
              "algorithm": {
                "name": "SHA256-RSA",
                "oid": "1.2.840.113549.1.1.11"
              },
              "self_signed": false,
              "value": "MGNhY2M0ZDllYmQ0ZTM1ODcwOTZhOWM2ODk2ZjNkMTVjNjhiNjMxNzJlNGJmOWE1YWQ4MTdiYTk1YzhlZGQzZDQwNzFlZmJlNTBiMWFjZWFkNTBjM2I0MTQyY2MyMmFhMTg2MzZmNWFlN2FjODMwNzFhYzQ5YWFkMjc3MDA5YWRlOTBiMTU0ZDZmZmVjZGM0ZmZjZDJkZjA0N2M3ZjFkYTBlMGFhMTM2ODU2OGU0YmVlNTFlMGExMmZlYWVjNzAxMWUyMGJjNjIwMjYxNWZkOTZlNDQzYWI1NWZjZTU3OTY3ZDNkMGRjNWFhZDMzNWI1Mjk2M2YzYWQyMWI0ZDVmZmUzNjI2ZDY4OWVlNjEwNzEzNTYxYzJmMTNjOWM3NzZmMzhmOGJiOWUwYzNlZTQ2MGEyMmJhN2ZkNWFhYzczY2UzNWE1NjQwOWI0ZDM3ZWUxODkzNWFkMmZlYWQ0MGQ2MzY2YjRiN2VjM2NhZjcwZWQ1OGMzYmZkOTU2OTY0Mjg5ZGZhMzU5MTk2ODBmYTYxNmM4MjVlMjAzZmI5OTEwNzlkMzE3NDc0OTFlZTZhNzJlYmFjMDYwNzMwMTk1ZTZjYzI1M2JjYTY5NTA4ZDRmYTE3YmE5YmNhYjgyMTk4Mjk2N2M5NTBmMTA1MTY5NDJhYWJlMmQxNTAzMmNjNjM2ZTc="
            },
            "subject": {
              "common_name": [
                "192.168.0.16"
              ]
            },
            "subject_alt_name": {
              "dns_names": [
                "192.168.0.16"
              ],
              "extended_dns_names": []
            },
            "subject_dn": "/CN=192.168.0.16",
            "subject_key_info": {
              "_key": "rsa",
              "dh": [],
              "dsa": [],
              "ecdsa": [],
              "fingerprint_sha256": "6056d4b5409ba4b8edcf9366a98b1d91484ea104a33b7370e77e800101ce0fd9",
              "key_algorithm": "RSA",
              "rsa": {
                "exponent": 65537,
                "length": 2048,
                "modulus": "MHhmYjM4Yzg2YzVmMzU2NGMyZTJkM2Y0MDYxZDk5OWI3ZGMxMjUyODkyOWJiOTU2ODEzOGIwMjU4MjEyNjc4ZWQ3NWIxNWEzMTFkYmVjMmYzMmY0YjZkZGZlNThiZDMzZjQyNTMzMzU2OTZhYjZmMzVhN2E5NmZmYjQ1NDVlZjIwNTI5NzU3ODExZTI3NjEyNjM3YzlmYTRkZjQ1NTRlNjczMDBiZTUzYmI2ZGQzZjc4ODQxYTJhY2MxNTA0MjM5NDg4OTg0ZTQyZjc5Y2U4ZTkyYjEwYWQ5NzAxYzIzMDQ1MTAwOTNhYTIzODAwZjRkNmQxMzUyMDcxYzFmNjRhMTc1YjMzMTQxOGQyMDkwMTViNzk3NDczNjExYzg0NzQ5NjIzZmUzMjlkNzI1MjgxMjU2NmY5NzIwYjc3ZTkwMGFhMzNhODc3ZGFkOWI5YmJmNzk0N2NmNWJmMTkzNzJkMTdlOWNjNmJhMTQ2NjIwNWZkZjlhZTkxMDg5ODAzMjU0ZTk4NDZjZmM5NDNiZWU3ZWFmNDFkOGM2M2Q3OGM3OTllOWQ4OWUwZjJiYzBkOTBkNzQ2ZTE4ZmRkNzk3ZmY0MWY0NjhlMmVlNWVkMGViZjlhZjBiMDNkNmYzYWU5NzY5NjM2Zjk5NDNlZDI1NTlkNmM2M2RjZWExNmY0MmM4N2M3NQ=="
              }
            },
            "tbs_fingerprint": "db7f240baa79a9d9525b5d1596c4ccc61d27b13ba2b8eb0da991f2949d442991",
            "validation_level": "DV",
            "validity": {
              "length_seconds": 31708800,
              "not_after": "2026-05-15T21:07:57",
              "not_before": "2025-05-13T21:07:57"
            },
            "version": 2
          },
          "fingerprint_sha256": "163E458C0BDF42C2AE1E0E581DF1B60F427C428DD0EEDF9F3F7006015B4E86E3",
          "precert": false,
          "raw": "MIIC+jCCAeKgAwIBAgICAJIwDQYJKoZIhvcNAQELBQAwHjEcMBoGA1UEAwwTQ0EgMDAwMDAxIFNJTkVNQSBSQzAeFw0yNTA1MTMyMTA3NTdaFw0yNjA1MTUyMTA3NTdaMBcxFTATBgNVBAMMDDE5Mi4xNjguMC4xNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPs4yGxfNWTC4tP0Bh2Zm33BJSiSm7lWgTiwJYISZ47XWxWjEdvsLzL0tt3+WL0z9CUzNWlqtvNaepb/tFRe8gUpdXgR4nYSY3yfpN9FVOZzAL5Tu23T94hBoqzBUEI5SImE5C95zo6SsQrZcBwjBFEAk6ojgA9NbRNSBxwfZKF1szFBjSCQFbeXRzYRyEdJYj/jKdclKBJWb5cgt36QCqM6h32tm5u/eUfPW/GTctF+nMa6FGYgX9+a6RCJgDJU6YRs/JQ77n6vQdjGPXjHmenYng8rwNkNdG4Y/deX/0H0aOLuXtDr+a8LA9bzrpdpY2+ZQ+0lWdbGPc6hb0LIfHUCAwEAAaNJMEcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGAYDVR0RAQH/BA4wDIcEsQsOEIcEwKgAEDANBgkqhkiG9w0BAQsFAAOCAQEADKzE2evU41hwlqnGiW89FcaLYxcuS/mlrYF7qVyO3T1Ace++ULGs6tUMO0FCzCKqGGNvWuesgwcaxJqtJ3AJrekLFU1v/s3E/80t8EfH8doOCqE2hWjkvuUeChL+rscBHiC8YgJhX9luRDq1X85Xln09DcWq0zW1KWPzrSG01f/jYm1onuYQcTVhwvE8nHdvOPi7ngw+5GCiK6f9WqxzzjWlZAm0037hiTWtL+rUDWNmtLfsPK9w7VjDv9lWlkKJ36NZGWgPphbIJeID+5kQedMXR0ke5qcuusBgcwGV5swlO8ppUI1PoXupvKuCGYKWfJUPEFFpQqq+LRUDLMY25w==",
          "tags": [
            "dv",
            "trusted"
          ]
        }
      },
      "cve": [
        {
          "id": "CVE-2006-20001",
          "score": 7.5,
          "severity": "high"
        },
        {
          "id": "CVE-2008-0455",
          "score": 4.3,
          "severity": "medium"
        },
        {
          "id": "CVE-2012-0883",
          "score": 6.9,
          "severity": "medium"
        }
      ],
      "url": "https://177.11.14.16/",
      "_meta": {
        "name": "",
        "desc": "",
        "category": ""
      },
      "last_updated_at": "2025-06-02T13:53:48.593Z"
    }
  ],
  "services_hash": "340c7e66bad3b857652f744fb4637d5d3bae7d4d3a8e7138d50d397deb39f7f1",
  "last_updated_at": "2025-06-02T13:53:48.593Z",
  "banner": [
    "http",
    "tls"
  ],
  "is_vuln": true,
  "cveDetails": {
    "CVE-2006-20001": {
      "id": "CVE-2006-20001",
      "references": [
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://security.gentoo.org/glsa/202309-01",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://security.gentoo.org/glsa/202309-01",
        "https://security.netapp.com/advisory/ntap-20230316-0005/"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-787"
    },
    "CVE-2008-0455": {
      "id": "CVE-2008-0455",
      "references": [
        "http://rhn.redhat.com/errata/RHSA-2012-1591.html",
        "http://rhn.redhat.com/errata/RHSA-2012-1592.html",
        "http://rhn.redhat.com/errata/RHSA-2012-1594.html",
        "http://rhn.redhat.com/errata/RHSA-2013-0130.html",
        "http://secunia.com/advisories/29348",
        "http://secunia.com/advisories/51607",
        "http://security.gentoo.org/glsa/glsa-200803-19.xml",
        "http://securityreason.com/securityalert/3575",
        "http://securitytracker.com/id?1019256",
        "http://www.mindedsecurity.com/MSA01150108.html",
        "http://www.securityfocus.com/archive/1/486847/100/0/threaded",
        "http://www.securityfocus.com/bid/27409",
        "https://exchange.xforce.ibmcloud.com/vulnerabilities/39867",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
      ],
      "score": 4.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) \"406 Not Acceptable\" or (2) \"300 Multiple Choices\" HTTP response when the extension is omitted in a request for the file.",
      "vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "weakness": "CWE-79"
    },
    "CVE-2012-0883": {
      "id": "CVE-2012-0883",
      "references": [
        "http://article.gmane.org/gmane.comp.apache.devel/48158",
        "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
        "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
        "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
        "http://marc.info/?l=bugtraq&m=134012830914727&w=2",
        "http://secunia.com/advisories/48849",
        "http://support.apple.com/kb/HT5880",
        "http://svn.apache.org/viewvc?view=revision&revision=1296428",
        "http://www.apache.org/dist/httpd/Announcement2.4.html",
        "http://www.apachelounge.com/Changelog-2.4.html",
        "http://www.securityfocus.com/bid/53046",
        "http://www.securitytracker.com/id?1026932",
        "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
        "https://exchange.xforce.ibmcloud.com/vulnerabilities/74901",
        "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
      ],
      "score": 6.9,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.",
      "vector_string": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
      "weakness": "NVD-CWE-noinfo"
    },
    "CVE-2012-2687": {
      "id": "CVE-2012-2687",
      "references": [
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
        "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
        "http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html",
        "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
        "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://rhn.redhat.com/errata/RHSA-2012-1591.html",
        "http://rhn.redhat.com/errata/RHSA-2012-1592.html",
        "http://rhn.redhat.com/errata/RHSA-2012-1594.html",
        "http://rhn.redhat.com/errata/RHSA-2013-0130.html",
        "http://secunia.com/advisories/50894",
        "http://secunia.com/advisories/51607",
        "http://support.apple.com/kb/HT5880",
        "http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f",
        "http://www.apache.org/dist/httpd/CHANGES_2.4.3",
        "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
        "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
        "http://www.securityfocus.com/bid/55131",
        "http://www.ubuntu.com/usn/USN-1627-1",
        "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
        "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
        "http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html",
        "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
        "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://rhn.redhat.com/errata/RHSA-2012-1591.html",
        "http://rhn.redhat.com/errata/RHSA-2012-1592.html",
        "http://rhn.redhat.com/errata/RHSA-2012-1594.html",
        "http://rhn.redhat.com/errata/RHSA-2013-0130.html",
        "http://secunia.com/advisories/50894",
        "http://secunia.com/advisories/51607",
        "http://support.apple.com/kb/HT5880",
        "http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f",
        "http://www.apache.org/dist/httpd/CHANGES_2.4.3",
        "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
        "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
        "http://www.securityfocus.com/bid/55131",
        "http://www.ubuntu.com/usn/USN-1627-1",
        "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539"
      ],
      "score": 2.6,
      "services": [
        "443/http"
      ],
      "severity": "low",
      "summary": "Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.",
      "vector_string": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "weakness": "CWE-79"
    },
    "CVE-2012-3499": {
      "id": "CVE-2012-3499",
      "references": [
        "http://httpd.apache.org/security/vulnerabilities_22.html",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
        "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://rhn.redhat.com/errata/RHSA-2013-0815.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1207.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1208.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1209.html",
        "http://secunia.com/advisories/55032",
        "http://support.apple.com/kb/HT5880",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799&r2=1413732&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564&r2=1413732&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766&r2=1418752&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480&r2=1413732&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625&r2=1413732&diff_format=h",
        "http://www.debian.org/security/2013/dsa-2637",
        "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
        "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
        "http://www.securityfocus.com/bid/58165",
        "http://www.securityfocus.com/bid/64758",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312",
        "http://httpd.apache.org/security/vulnerabilities_22.html",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
        "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://rhn.redhat.com/errata/RHSA-2013-0815.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1207.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1208.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1209.html",
        "http://secunia.com/advisories/55032",
        "http://support.apple.com/kb/HT5880",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799&r2=1413732&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564&r2=1413732&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766&r2=1418752&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480&r2=1413732&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625&r2=1413732&diff_format=h",
        "http://www.debian.org/security/2013/dsa-2637",
        "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
        "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
        "http://www.securityfocus.com/bid/58165",
        "http://www.securityfocus.com/bid/64758",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312"
      ],
      "score": 4.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
      "vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "weakness": "CWE-79"
    },
    "CVE-2012-4558": {
      "id": "CVE-2012-4558",
      "references": [
        "http://httpd.apache.org/security/vulnerabilities_22.html",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
        "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://rhn.redhat.com/errata/RHSA-2013-0815.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1207.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1208.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1209.html",
        "http://support.apple.com/kb/HT5880",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?r1=1404653&r2=1413732&diff_format=h",
        "http://www.debian.org/security/2013/dsa-2637",
        "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
        "http://www.securityfocus.com/bid/58165",
        "http://www.securityfocus.com/bid/64758",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977",
        "http://httpd.apache.org/security/vulnerabilities_22.html",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
        "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://marc.info/?l=bugtraq&m=136612293908376&w=2",
        "http://rhn.redhat.com/errata/RHSA-2013-0815.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1207.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1208.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1209.html",
        "http://support.apple.com/kb/HT5880",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?r1=1404653&r2=1413732&diff_format=h",
        "http://www.debian.org/security/2013/dsa-2637",
        "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
        "http://www.securityfocus.com/bid/58165",
        "http://www.securityfocus.com/bid/64758",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977"
      ],
      "score": 4.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
      "vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "weakness": "CWE-79"
    },
    "CVE-2013-1862": {
      "id": "CVE-2013-1862",
      "references": [
        "http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html",
        "http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html",
        "http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html",
        "http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch",
        "http://rhn.redhat.com/errata/RHSA-2013-0815.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1207.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1208.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1209.html",
        "http://secunia.com/advisories/55032",
        "http://support.apple.com/kb/HT6150",
        "http://svn.apache.org/viewvc?view=revision&revision=r1469311",
        "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862",
        "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
        "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
        "http://www.mandriva.com/security/advisories?name=MDVSA-2013:174",
        "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
        "http://www.securityfocus.com/bid/59826",
        "http://www.securityfocus.com/bid/64758",
        "http://www.ubuntu.com/usn/USN-1903-1",
        "https://bugzilla.redhat.com/show_bug.cgi?id=953729",
        "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
        "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534"
      ],
      "score": 5.1,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.",
      "vector_string": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
      "weakness": "NVD-CWE-noinfo"
    },
    "CVE-2013-1896": {
      "id": "CVE-2013-1896",
      "references": [
        "http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html",
        "http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html",
        "http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1156.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1207.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1208.html",
        "http://rhn.redhat.com/errata/RHSA-2013-1209.html",
        "http://secunia.com/advisories/55032",
        "http://support.apple.com/kb/HT6150",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?view=log",
        "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1896",
        "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
        "http://www.apache.org/dist/httpd/Announcement2.2.html",
        "http://www.securityfocus.com/bid/61129",
        "http://www.ubuntu.com/usn/USN-1903-1",
        "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18835",
        "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19747"
      ],
      "score": 4.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.",
      "vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
      "weakness": "NVD-CWE-noinfo"
    },
    "CVE-2013-5704": {
      "id": "CVE-2013-5704",
      "references": [
        "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
        "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
        "http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://martin.swende.se/blog/HTTPChunked.html",
        "http://rhn.redhat.com/errata/RHSA-2015-0325.html",
        "http://rhn.redhat.com/errata/RHSA-2015-1249.html",
        "http://rhn.redhat.com/errata/RHSA-2015-2661.html",
        "http://rhn.redhat.com/errata/RHSA-2016-0061.html",
        "http://rhn.redhat.com/errata/RHSA-2016-0062.html",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h",
        "http://www.mandriva.com/security/advisories?name=MDVSA-2014:174",
        "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
        "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
        "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
        "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
        "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
        "http://www.securityfocus.com/bid/66550",
        "http://www.ubuntu.com/usn/USN-2523-1",
        "https://access.redhat.com/errata/RHSA-2015:2659",
        "https://access.redhat.com/errata/RHSA-2015:2660",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201504-03",
        "https://support.apple.com/HT204659",
        "https://support.apple.com/HT205219",
        "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
        "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
        "http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://martin.swende.se/blog/HTTPChunked.html",
        "http://rhn.redhat.com/errata/RHSA-2015-0325.html",
        "http://rhn.redhat.com/errata/RHSA-2015-1249.html",
        "http://rhn.redhat.com/errata/RHSA-2015-2661.html",
        "http://rhn.redhat.com/errata/RHSA-2016-0061.html",
        "http://rhn.redhat.com/errata/RHSA-2016-0062.html",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h",
        "http://www.mandriva.com/security/advisories?name=MDVSA-2014:174",
        "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
        "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
        "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
        "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
        "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
        "http://www.securityfocus.com/bid/66550",
        "http://www.ubuntu.com/usn/USN-2523-1",
        "https://access.redhat.com/errata/RHSA-2015:2659",
        "https://access.redhat.com/errata/RHSA-2015:2660",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201504-03",
        "https://support.apple.com/HT204659",
        "https://support.apple.com/HT205219"
      ],
      "score": 5,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding.  NOTE: the vendor states \"this is not a security issue in httpd as such.\"",
      "vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
      "weakness": "NVD-CWE-noinfo"
    },
    "CVE-2013-6438": {
      "id": "CVE-2013-6438",
      "references": [
        "http://advisories.mageia.org/MGASA-2014-0135.html",
        "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
        "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
        "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
        "http://marc.info/?l=bugtraq&m=141017844705317&w=2",
        "http://marc.info/?l=bugtraq&m=141390017113542&w=2",
        "http://seclists.org/fulldisclosure/2014/Dec/23",
        "http://secunia.com/advisories/58230",
        "http://secunia.com/advisories/59315",
        "http://secunia.com/advisories/59345",
        "http://secunia.com/advisories/60536",
        "http://security.gentoo.org/glsa/glsa-201408-12.xml",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718&r2=1556428&diff_format=h",
        "http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
        "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
        "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
        "http://www.apache.org/dist/httpd/CHANGES_2.4.9",
        "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
        "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
        "http://www.securityfocus.com/archive/1/534161/100/0/threaded",
        "http://www.securityfocus.com/bid/66303",
        "http://www.ubuntu.com/usn/USN-2152-1",
        "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
        "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://puppet.com/security/cve/cve-2013-6438",
        "https://support.apple.com/HT204659",
        "https://support.apple.com/kb/HT6535"
      ],
      "score": 5,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.",
      "vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
      "weakness": "NVD-CWE-noinfo"
    },
    "CVE-2014-0098": {
      "id": "CVE-2014-0098",
      "references": [
        "http://advisories.mageia.org/MGASA-2014-0135.html",
        "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
        "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
        "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
        "http://marc.info/?l=bugtraq&m=141017844705317&w=2",
        "http://marc.info/?l=bugtraq&m=141390017113542&w=2",
        "http://seclists.org/fulldisclosure/2014/Dec/23",
        "http://secunia.com/advisories/58230",
        "http://secunia.com/advisories/58915",
        "http://secunia.com/advisories/59219",
        "http://secunia.com/advisories/59315",
        "http://secunia.com/advisories/59345",
        "http://secunia.com/advisories/60536",
        "http://security.gentoo.org/glsa/glsa-201408-12.xml",
        "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&r2=1575400&diff_format=h",
        "http://www-01.ibm.com/support/docview.wss?uid=swg21668973",
        "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
        "http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
        "http://www.apache.org/dist/httpd/CHANGES_2.4.9",
        "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
        "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
        "http://www.securityfocus.com/archive/1/534161/100/0/threaded",
        "http://www.securityfocus.com/bid/66303",
        "http://www.ubuntu.com/usn/USN-2152-1",
        "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
        "https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://puppet.com/security/cve/cve-2014-0098",
        "https://support.apple.com/HT204659",
        "https://support.apple.com/kb/HT6535"
      ],
      "score": 5,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.",
      "vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
      "weakness": "NVD-CWE-noinfo"
    },
    "CVE-2014-0118": {
      "id": "CVE-2014-0118",
      "references": [
        "http://advisories.mageia.org/MGASA-2014-0304.html",
        "http://advisories.mageia.org/MGASA-2014-0305.html",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=143748090628601&w=2",
        "http://marc.info/?l=bugtraq&m=144050155601375&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://rhn.redhat.com/errata/RHSA-2014-1019.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1020.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1021.html",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353&r2=1610501&diff_format=h",
        "http://www.debian.org/security/2014/dsa-2989",
        "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
        "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
        "http://www.securityfocus.com/bid/68745",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1120601",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://puppet.com/security/cve/cve-2014-0118",
        "https://security.gentoo.org/glsa/201504-03",
        "https://support.apple.com/HT204659"
      ],
      "score": 4.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",
      "vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
      "weakness": "CWE-400"
    },
    "CVE-2014-0226": {
      "id": "CVE-2014-0226",
      "references": [
        "http://advisories.mageia.org/MGASA-2014-0304.html",
        "http://advisories.mageia.org/MGASA-2014-0305.html",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=143748090628601&w=2",
        "http://marc.info/?l=bugtraq&m=144050155601375&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://rhn.redhat.com/errata/RHSA-2014-1019.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1020.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1021.html",
        "http://seclists.org/fulldisclosure/2014/Jul/114",
        "http://secunia.com/advisories/60536",
        "http://security.gentoo.org/glsa/glsa-201408-12.xml",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1450998&r2=1610491&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?r1=1588989&r2=1610491&diff_format=h",
        "http://www.debian.org/security/2014/dsa-2989",
        "http://www.exploit-db.com/exploits/34133",
        "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
        "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
        "http://www.osvdb.org/109216",
        "http://www.securityfocus.com/bid/68678",
        "http://zerodayinitiative.com/advisories/ZDI-14-236/",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1120603",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://puppet.com/security/cve/cve-2014-0226",
        "https://security.gentoo.org/glsa/201504-03",
        "https://support.apple.com/HT204659",
        "https://www.povonsec.com/apache-2-4-7-exploit/"
      ],
      "score": 6.8,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",
      "vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "weakness": "CWE-362"
    },
    "CVE-2014-0231": {
      "id": "CVE-2014-0231",
      "references": [
        "http://advisories.mageia.org/MGASA-2014-0304.html",
        "http://advisories.mageia.org/MGASA-2014-0305.html",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=143748090628601&w=2",
        "http://marc.info/?l=bugtraq&m=144050155601375&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1019.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1020.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1021.html",
        "http://secunia.com/advisories/60536",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h",
        "http://www.debian.org/security/2014/dsa-2989",
        "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
        "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
        "http://www.securityfocus.com/bid/68742",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1120596",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://puppet.com/security/cve/cve-2014-0231",
        "https://security.gentoo.org/glsa/201504-03",
        "https://support.apple.com/HT204659",
        "http://advisories.mageia.org/MGASA-2014-0304.html",
        "http://advisories.mageia.org/MGASA-2014-0305.html",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=143403519711434&w=2",
        "http://marc.info/?l=bugtraq&m=143748090628601&w=2",
        "http://marc.info/?l=bugtraq&m=144050155601375&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1019.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1020.html",
        "http://rhn.redhat.com/errata/RHSA-2014-1021.html",
        "http://secunia.com/advisories/60536",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h",
        "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h",
        "http://www.debian.org/security/2014/dsa-2989",
        "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
        "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
        "http://www.securityfocus.com/bid/68742",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1120596",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://puppet.com/security/cve/cve-2014-0231",
        "https://security.gentoo.org/glsa/201504-03",
        "https://support.apple.com/HT204659"
      ],
      "score": 5,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.",
      "vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
      "weakness": "CWE-399"
    },
    "CVE-2015-0228": {
      "id": "CVE-2015-0228",
      "references": [
        "http://advisories.mageia.org/MGASA-2015-0099.html",
        "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
        "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
        "http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html",
        "http://rhn.redhat.com/errata/RHSA-2015-1666.html",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES",
        "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
        "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
        "http://www.securityfocus.com/bid/73041",
        "http://www.securityfocus.com/bid/91787",
        "http://www.securitytracker.com/id/1032967",
        "http://www.ubuntu.com/usn/USN-2523-1",
        "https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef",
        "https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://support.apple.com/HT205219",
        "https://support.apple.com/kb/HT205031",
        "http://advisories.mageia.org/MGASA-2015-0099.html",
        "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
        "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
        "http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html",
        "http://rhn.redhat.com/errata/RHSA-2015-1666.html",
        "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES",
        "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
        "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
        "http://www.securityfocus.com/bid/73041",
        "http://www.securityfocus.com/bid/91787",
        "http://www.securitytracker.com/id/1032967",
        "http://www.ubuntu.com/usn/USN-2523-1",
        "https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef",
        "https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://support.apple.com/HT205219",
        "https://support.apple.com/kb/HT205031"
      ],
      "score": 5,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.",
      "vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
      "weakness": "CWE-20"
    },
    "CVE-2015-3183": {
      "id": "CVE-2015-3183",
      "references": [
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
        "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
        "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
        "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://rhn.redhat.com/errata/RHSA-2015-1666.html",
        "http://rhn.redhat.com/errata/RHSA-2015-1667.html",
        "http://rhn.redhat.com/errata/RHSA-2015-1668.html",
        "http://rhn.redhat.com/errata/RHSA-2015-2661.html",
        "http://rhn.redhat.com/errata/RHSA-2016-0061.html",
        "http://rhn.redhat.com/errata/RHSA-2016-0062.html",
        "http://rhn.redhat.com/errata/RHSA-2016-2054.html",
        "http://rhn.redhat.com/errata/RHSA-2016-2055.html",
        "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
        "http://www.apache.org/dist/httpd/CHANGES_2.4",
        "http://www.debian.org/security/2015/dsa-3325",
        "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
        "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
        "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
        "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
        "http://www.securityfocus.com/bid/75963",
        "http://www.securityfocus.com/bid/91787",
        "http://www.securitytracker.com/id/1032967",
        "http://www.ubuntu.com/usn/USN-2686-1",
        "https://access.redhat.com/errata/RHSA-2015:2659",
        "https://access.redhat.com/errata/RHSA-2015:2660",
        "https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
        "https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://puppet.com/security/cve/CVE-2015-3183",
        "https://security.gentoo.org/glsa/201610-02",
        "https://support.apple.com/HT205219",
        "https://support.apple.com/kb/HT205031",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
        "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
        "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
        "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://marc.info/?l=bugtraq&m=144493176821532&w=2",
        "http://rhn.redhat.com/errata/RHSA-2015-1666.html",
        "http://rhn.redhat.com/errata/RHSA-2015-1667.html",
        "http://rhn.redhat.com/errata/RHSA-2015-1668.html",
        "http://rhn.redhat.com/errata/RHSA-2015-2661.html",
        "http://rhn.redhat.com/errata/RHSA-2016-0061.html",
        "http://rhn.redhat.com/errata/RHSA-2016-0062.html",
        "http://rhn.redhat.com/errata/RHSA-2016-2054.html",
        "http://rhn.redhat.com/errata/RHSA-2016-2055.html",
        "http://rhn.redhat.com/errata/RHSA-2016-2056.html",
        "http://www.apache.org/dist/httpd/CHANGES_2.4",
        "http://www.debian.org/security/2015/dsa-3325",
        "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
        "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
        "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
        "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
        "http://www.securityfocus.com/bid/75963",
        "http://www.securityfocus.com/bid/91787",
        "http://www.securitytracker.com/id/1032967",
        "http://www.ubuntu.com/usn/USN-2686-1",
        "https://access.redhat.com/errata/RHSA-2015:2659",
        "https://access.redhat.com/errata/RHSA-2015:2660",
        "https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
        "https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
        "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://puppet.com/security/cve/CVE-2015-3183",
        "https://security.gentoo.org/glsa/201610-02",
        "https://support.apple.com/HT205219",
        "https://support.apple.com/kb/HT205031"
      ],
      "score": 5,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.",
      "vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
      "weakness": "CWE-17"
    },
    "CVE-2016-4975": {
      "id": "CVE-2016-4975",
      "references": [
        "http://www.securityfocus.com/bid/105093",
        "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975",
        "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://security.netapp.com/advisory/ntap-20180926-0006/",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us"
      ],
      "score": 6.1,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",
      "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "weakness": "CWE-93"
    },
    "CVE-2016-5387": {
      "id": "CVE-2016-5387",
      "references": [
        "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1624.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1625.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1648.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1649.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1650.html",
        "http://www.debian.org/security/2016/dsa-3623",
        "http://www.kb.cert.org/vuls/id/797896",
        "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
        "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
        "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
        "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
        "http://www.securityfocus.com/bid/91816",
        "http://www.securitytracker.com/id/1036330",
        "http://www.ubuntu.com/usn/USN-3038-1",
        "https://access.redhat.com/errata/RHSA-2016:1420",
        "https://access.redhat.com/errata/RHSA-2016:1421",
        "https://access.redhat.com/errata/RHSA-2016:1422",
        "https://access.redhat.com/errata/RHSA-2016:1635",
        "https://access.redhat.com/errata/RHSA-2016:1636",
        "https://access.redhat.com/errata/RHSA-2016:1851",
        "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
        "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
        "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
        "https://httpoxy.org/",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/",
        "https://security.gentoo.org/glsa/201701-36",
        "https://support.apple.com/HT208221",
        "https://www.apache.org/security/asf-httpoxy-response.txt",
        "https://www.tenable.com/security/tns-2017-04",
        "http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1624.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1625.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1648.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1649.html",
        "http://rhn.redhat.com/errata/RHSA-2016-1650.html",
        "http://www.debian.org/security/2016/dsa-3623",
        "http://www.kb.cert.org/vuls/id/797896",
        "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
        "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
        "http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
        "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
        "http://www.securityfocus.com/bid/91816",
        "http://www.securitytracker.com/id/1036330",
        "http://www.ubuntu.com/usn/USN-3038-1",
        "https://access.redhat.com/errata/RHSA-2016:1420",
        "https://access.redhat.com/errata/RHSA-2016:1421",
        "https://access.redhat.com/errata/RHSA-2016:1422",
        "https://access.redhat.com/errata/RHSA-2016:1635",
        "https://access.redhat.com/errata/RHSA-2016:1636",
        "https://access.redhat.com/errata/RHSA-2016:1851",
        "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
        "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
        "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
        "https://httpoxy.org/",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/",
        "https://security.gentoo.org/glsa/201701-36",
        "https://support.apple.com/HT208221",
        "https://www.apache.org/security/asf-httpoxy-response.txt",
        "https://www.tenable.com/security/tns-2017-04"
      ],
      "score": 8.1,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
      "vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "weakness": "NVD-CWE-noinfo"
    },
    "CVE-2016-8612": {
      "id": "CVE-2016-8612",
      "references": [
        "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
        "http://www.securityfocus.com/bid/94939",
        "https://access.redhat.com/errata/RHSA-2017:0193",
        "https://access.redhat.com/errata/RHSA-2017:0194",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
        "https://security.netapp.com/advisory/ntap-20180601-0005/",
        "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
        "http://www.securityfocus.com/bid/94939",
        "https://access.redhat.com/errata/RHSA-2017:0193",
        "https://access.redhat.com/errata/RHSA-2017:0194",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
        "https://security.netapp.com/advisory/ntap-20180601-0005/"
      ],
      "score": 4.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.",
      "vector_string": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "weakness": "CWE-20"
    },
    "CVE-2016-8743": {
      "id": "CVE-2016-8743",
      "references": [
        "http://rhn.redhat.com/errata/RHSA-2017-1415.html",
        "http://www.debian.org/security/2017/dsa-3796",
        "http://www.securityfocus.com/bid/95077",
        "http://www.securitytracker.com/id/1037508",
        "https://access.redhat.com/errata/RHSA-2017:0906",
        "https://access.redhat.com/errata/RHSA-2017:1161",
        "https://access.redhat.com/errata/RHSA-2017:1413",
        "https://access.redhat.com/errata/RHSA-2017:1414",
        "https://access.redhat.com/errata/RHSA-2017:1721",
        "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
        "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
        "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201701-36",
        "https://security.netapp.com/advisory/ntap-20180423-0001/",
        "https://support.apple.com/HT208221",
        "https://www.tenable.com/security/tns-2017-04",
        "http://rhn.redhat.com/errata/RHSA-2017-1415.html",
        "http://www.debian.org/security/2017/dsa-3796",
        "http://www.securityfocus.com/bid/95077",
        "http://www.securitytracker.com/id/1037508",
        "https://access.redhat.com/errata/RHSA-2017:0906",
        "https://access.redhat.com/errata/RHSA-2017:1161",
        "https://access.redhat.com/errata/RHSA-2017:1413",
        "https://access.redhat.com/errata/RHSA-2017:1414",
        "https://access.redhat.com/errata/RHSA-2017:1721",
        "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
        "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
        "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201701-36",
        "https://security.netapp.com/advisory/ntap-20180423-0001/",
        "https://support.apple.com/HT208221",
        "https://www.tenable.com/security/tns-2017-04"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "weakness": "NVD-CWE-noinfo"
    },
    "CVE-2017-3167": {
      "id": "CVE-2017-3167",
      "references": [
        "http://www.debian.org/security/2017/dsa-3896",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
        "http://www.securityfocus.com/bid/99135",
        "http://www.securitytracker.com/id/1038711",
        "https://access.redhat.com/errata/RHSA-2017:2478",
        "https://access.redhat.com/errata/RHSA-2017:2479",
        "https://access.redhat.com/errata/RHSA-2017:2483",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3475",
        "https://access.redhat.com/errata/RHSA-2017:3476",
        "https://access.redhat.com/errata/RHSA-2017:3477",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20180601-0002/",
        "https://support.apple.com/HT208221",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
        "https://www.nomachine.com/SU08O00185",
        "https://www.tenable.com/security/tns-2019-09",
        "http://www.debian.org/security/2017/dsa-3896",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
        "http://www.securityfocus.com/bid/99135",
        "http://www.securitytracker.com/id/1038711",
        "https://access.redhat.com/errata/RHSA-2017:2478",
        "https://access.redhat.com/errata/RHSA-2017:2479",
        "https://access.redhat.com/errata/RHSA-2017:2483",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3475",
        "https://access.redhat.com/errata/RHSA-2017:3476",
        "https://access.redhat.com/errata/RHSA-2017:3477",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20180601-0002/",
        "https://support.apple.com/HT208221",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
        "https://www.nomachine.com/SU08O00185",
        "https://www.tenable.com/security/tns-2019-09"
      ],
      "score": 9.8,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "weakness": "CWE-287"
    },
    "CVE-2017-3169": {
      "id": "CVE-2017-3169",
      "references": [
        "http://www.debian.org/security/2017/dsa-3896",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
        "http://www.securityfocus.com/bid/99134",
        "http://www.securitytracker.com/id/1038711",
        "https://access.redhat.com/errata/RHSA-2017:2478",
        "https://access.redhat.com/errata/RHSA-2017:2479",
        "https://access.redhat.com/errata/RHSA-2017:2483",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3475",
        "https://access.redhat.com/errata/RHSA-2017:3476",
        "https://access.redhat.com/errata/RHSA-2017:3477",
        "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-3169",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae%40%3Cdev.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20180601-0002/",
        "https://support.apple.com/HT208221",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
        "https://www.nomachine.com/SU08O00185",
        "https://www.tenable.com/security/tns-2019-09"
      ],
      "score": 9.8,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",
      "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "weakness": "CWE-476"
    },
    "CVE-2017-7679": {
      "id": "CVE-2017-7679",
      "references": [
        "http://www.debian.org/security/2017/dsa-3896",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
        "http://www.securityfocus.com/bid/99170",
        "http://www.securitytracker.com/id/1038711",
        "https://access.redhat.com/errata/RHSA-2017:2478",
        "https://access.redhat.com/errata/RHSA-2017:2479",
        "https://access.redhat.com/errata/RHSA-2017:2483",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3475",
        "https://access.redhat.com/errata/RHSA-2017:3476",
        "https://access.redhat.com/errata/RHSA-2017:3477",
        "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3Cdev.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20180601-0002/",
        "https://support.apple.com/HT208221",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
        "https://www.nomachine.com/SU08O00185",
        "https://www.tenable.com/security/tns-2019-09",
        "http://www.debian.org/security/2017/dsa-3896",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
        "http://www.securityfocus.com/bid/99170",
        "http://www.securitytracker.com/id/1038711",
        "https://access.redhat.com/errata/RHSA-2017:2478",
        "https://access.redhat.com/errata/RHSA-2017:2479",
        "https://access.redhat.com/errata/RHSA-2017:2483",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3475",
        "https://access.redhat.com/errata/RHSA-2017:3476",
        "https://access.redhat.com/errata/RHSA-2017:3477",
        "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3Cdev.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20180601-0002/",
        "https://support.apple.com/HT208221",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
        "https://www.nomachine.com/SU08O00185",
        "https://www.tenable.com/security/tns-2019-09"
      ],
      "score": 9.8,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
      "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "weakness": "CWE-126"
    },
    "CVE-2017-9788": {
      "id": "CVE-2017-9788",
      "references": [
        "http://www.debian.org/security/2017/dsa-3913",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
        "http://www.securityfocus.com/bid/99569",
        "http://www.securitytracker.com/id/1038906",
        "https://access.redhat.com/errata/RHSA-2017:2478",
        "https://access.redhat.com/errata/RHSA-2017:2479",
        "https://access.redhat.com/errata/RHSA-2017:2483",
        "https://access.redhat.com/errata/RHSA-2017:2708",
        "https://access.redhat.com/errata/RHSA-2017:2709",
        "https://access.redhat.com/errata/RHSA-2017:2710",
        "https://access.redhat.com/errata/RHSA-2017:3113",
        "https://access.redhat.com/errata/RHSA-2017:3114",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3239",
        "https://access.redhat.com/errata/RHSA-2017:3240",
        "https://httpd.apache.org/security/vulnerabilities_22.html",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20170911-0002/",
        "https://support.apple.com/HT208221",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
        "https://www.tenable.com/security/tns-2019-09",
        "http://www.debian.org/security/2017/dsa-3913",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
        "http://www.securityfocus.com/bid/99569",
        "http://www.securitytracker.com/id/1038906",
        "https://access.redhat.com/errata/RHSA-2017:2478",
        "https://access.redhat.com/errata/RHSA-2017:2479",
        "https://access.redhat.com/errata/RHSA-2017:2483",
        "https://access.redhat.com/errata/RHSA-2017:2708",
        "https://access.redhat.com/errata/RHSA-2017:2709",
        "https://access.redhat.com/errata/RHSA-2017:2710",
        "https://access.redhat.com/errata/RHSA-2017:3113",
        "https://access.redhat.com/errata/RHSA-2017:3114",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3239",
        "https://access.redhat.com/errata/RHSA-2017:3240",
        "https://httpd.apache.org/security/vulnerabilities_22.html",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20170911-0002/",
        "https://support.apple.com/HT208221",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
        "https://www.tenable.com/security/tns-2019-09"
      ],
      "score": 9.1,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",
      "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "weakness": "CWE-20"
    },
    "CVE-2017-9798": {
      "id": "CVE-2017-9798",
      "references": [
        "http://openwall.com/lists/oss-security/2017/09/18/2",
        "http://www.debian.org/security/2017/dsa-3980",
        "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
        "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
        "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
        "http://www.securityfocus.com/bid/100872",
        "http://www.securityfocus.com/bid/105598",
        "http://www.securitytracker.com/id/1039387",
        "https://access.redhat.com/errata/RHSA-2017:2882",
        "https://access.redhat.com/errata/RHSA-2017:2972",
        "https://access.redhat.com/errata/RHSA-2017:3018",
        "https://access.redhat.com/errata/RHSA-2017:3113",
        "https://access.redhat.com/errata/RHSA-2017:3114",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3239",
        "https://access.redhat.com/errata/RHSA-2017:3240",
        "https://access.redhat.com/errata/RHSA-2017:3475",
        "https://access.redhat.com/errata/RHSA-2017:3476",
        "https://access.redhat.com/errata/RHSA-2017:3477",
        "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
        "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
        "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
        "https://github.com/hannob/optionsbleed",
        "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security-tracker.debian.org/tracker/CVE-2017-9798",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20180601-0003/",
        "https://support.apple.com/HT208331",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
        "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
        "https://www.exploit-db.com/exploits/42745/",
        "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
        "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
        "https://www.tenable.com/security/tns-2019-09",
        "http://openwall.com/lists/oss-security/2017/09/18/2",
        "http://www.debian.org/security/2017/dsa-3980",
        "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
        "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
        "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
        "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
        "http://www.securityfocus.com/bid/100872",
        "http://www.securityfocus.com/bid/105598",
        "http://www.securitytracker.com/id/1039387",
        "https://access.redhat.com/errata/RHSA-2017:2882",
        "https://access.redhat.com/errata/RHSA-2017:2972",
        "https://access.redhat.com/errata/RHSA-2017:3018",
        "https://access.redhat.com/errata/RHSA-2017:3113",
        "https://access.redhat.com/errata/RHSA-2017:3114",
        "https://access.redhat.com/errata/RHSA-2017:3193",
        "https://access.redhat.com/errata/RHSA-2017:3194",
        "https://access.redhat.com/errata/RHSA-2017:3195",
        "https://access.redhat.com/errata/RHSA-2017:3239",
        "https://access.redhat.com/errata/RHSA-2017:3240",
        "https://access.redhat.com/errata/RHSA-2017:3475",
        "https://access.redhat.com/errata/RHSA-2017:3476",
        "https://access.redhat.com/errata/RHSA-2017:3477",
        "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
        "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
        "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
        "https://github.com/hannob/optionsbleed",
        "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security-tracker.debian.org/tracker/CVE-2017-9798",
        "https://security.gentoo.org/glsa/201710-32",
        "https://security.netapp.com/advisory/ntap-20180601-0003/",
        "https://support.apple.com/HT208331",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
        "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
        "https://www.exploit-db.com/exploits/42745/",
        "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
        "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
        "https://www.tenable.com/security/tns-2019-09"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "weakness": "CWE-416"
    },
    "CVE-2018-1301": {
      "id": "CVE-2018-1301",
      "references": [
        "http://www.openwall.com/lists/oss-security/2018/03/24/2",
        "http://www.securityfocus.com/bid/103515",
        "http://www.securitytracker.com/id/1040573",
        "https://access.redhat.com/errata/RHSA-2018:3558",
        "https://access.redhat.com/errata/RHSA-2019:0366",
        "https://access.redhat.com/errata/RHSA-2019:0367",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
        "https://security.netapp.com/advisory/ntap-20180601-0004/",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
        "https://usn.ubuntu.com/3627-1/",
        "https://usn.ubuntu.com/3627-2/",
        "https://usn.ubuntu.com/3937-2/",
        "https://www.debian.org/security/2018/dsa-4164",
        "https://www.tenable.com/security/tns-2019-09",
        "http://www.openwall.com/lists/oss-security/2018/03/24/2",
        "http://www.securityfocus.com/bid/103515",
        "http://www.securitytracker.com/id/1040573",
        "https://access.redhat.com/errata/RHSA-2018:3558",
        "https://access.redhat.com/errata/RHSA-2019:0366",
        "https://access.redhat.com/errata/RHSA-2019:0367",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
        "https://security.netapp.com/advisory/ntap-20180601-0004/",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
        "https://usn.ubuntu.com/3627-1/",
        "https://usn.ubuntu.com/3627-2/",
        "https://usn.ubuntu.com/3937-2/",
        "https://www.debian.org/security/2018/dsa-4164",
        "https://www.tenable.com/security/tns-2019-09"
      ],
      "score": 5.9,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
      "vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-119"
    },
    "CVE-2018-1302": {
      "id": "CVE-2018-1302",
      "references": [
        "http://www.openwall.com/lists/oss-security/2018/03/24/5",
        "http://www.securityfocus.com/bid/103528",
        "http://www.securitytracker.com/id/1040567",
        "https://access.redhat.com/errata/RHSA-2019:0366",
        "https://access.redhat.com/errata/RHSA-2019:0367",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.netapp.com/advisory/ntap-20180601-0004/",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
        "https://usn.ubuntu.com/3783-1/",
        "https://www.tenable.com/security/tns-2019-09",
        "http://www.openwall.com/lists/oss-security/2018/03/24/5",
        "http://www.securityfocus.com/bid/103528",
        "http://www.securitytracker.com/id/1040567",
        "https://access.redhat.com/errata/RHSA-2019:0366",
        "https://access.redhat.com/errata/RHSA-2019:0367",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.netapp.com/advisory/ntap-20180601-0004/",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
        "https://usn.ubuntu.com/3783-1/",
        "https://www.tenable.com/security/tns-2019-09"
      ],
      "score": 5.9,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
      "vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-476"
    },
    "CVE-2018-1303": {
      "id": "CVE-2018-1303",
      "references": [
        "http://www.openwall.com/lists/oss-security/2018/03/24/3",
        "http://www.securityfocus.com/bid/103522",
        "http://www.securitytracker.com/id/1040572",
        "https://access.redhat.com/errata/RHSA-2018:3558",
        "https://access.redhat.com/errata/RHSA-2019:0366",
        "https://access.redhat.com/errata/RHSA-2019:0367",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.netapp.com/advisory/ntap-20180601-0004/",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
        "https://usn.ubuntu.com/3627-1/",
        "https://usn.ubuntu.com/3627-2/",
        "https://www.debian.org/security/2018/dsa-4164",
        "https://www.tenable.com/security/tns-2019-09",
        "http://www.openwall.com/lists/oss-security/2018/03/24/3",
        "http://www.securityfocus.com/bid/103522",
        "http://www.securitytracker.com/id/1040572",
        "https://access.redhat.com/errata/RHSA-2018:3558",
        "https://access.redhat.com/errata/RHSA-2019:0366",
        "https://access.redhat.com/errata/RHSA-2019:0367",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
        "https://security.netapp.com/advisory/ntap-20180601-0004/",
        "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
        "https://usn.ubuntu.com/3627-1/",
        "https://usn.ubuntu.com/3627-2/",
        "https://www.debian.org/security/2018/dsa-4164",
        "https://www.tenable.com/security/tns-2019-09"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
      "vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-125"
    },
    "CVE-2021-34798": {
      "id": "CVE-2021-34798",
      "references": [
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
        "https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
        "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
        "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20211008-0004/",
        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
        "https://www.debian.org/security/2021/dsa-4982",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujan2022.html",
        "https://www.tenable.com/security/tns-2021-17",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
        "https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
        "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
        "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20211008-0004/",
        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
        "https://www.debian.org/security/2021/dsa-4982",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujan2022.html",
        "https://www.tenable.com/security/tns-2021-17"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-476"
    },
    "CVE-2021-39275": {
      "id": "CVE-2021-39275",
      "references": [
        "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
        "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20211008-0004/",
        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
        "https://www.debian.org/security/2021/dsa-4982",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujan2022.html",
        "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
        "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20211008-0004/",
        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
        "https://www.debian.org/security/2021/dsa-4982",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujan2022.html"
      ],
      "score": 9.8,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "weakness": "CWE-787"
    },
    "CVE-2021-40438": {
      "id": "CVE-2021-40438",
      "references": [
        "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
        "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20211008-0004/",
        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
        "https://www.debian.org/security/2021/dsa-4982",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujan2022.html",
        "https://www.tenable.com/security/tns-2021-17",
        "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
        "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
        "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20211008-0004/",
        "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
        "https://www.debian.org/security/2021/dsa-4982",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujan2022.html",
        "https://www.tenable.com/security/tns-2021-17"
      ],
      "score": 9,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
      "vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "weakness": "CWE-918"
    },
    "CVE-2021-44790": {
      "id": "CVE-2021-44790",
      "references": [
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
        "http://seclists.org/fulldisclosure/2022/May/33",
        "http://seclists.org/fulldisclosure/2022/May/35",
        "http://seclists.org/fulldisclosure/2022/May/38",
        "http://www.openwall.com/lists/oss-security/2021/12/20/4",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20211224-0001/",
        "https://support.apple.com/kb/HT213255",
        "https://support.apple.com/kb/HT213256",
        "https://support.apple.com/kb/HT213257",
        "https://www.debian.org/security/2022/dsa-5035",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujan2022.html",
        "https://www.tenable.com/security/tns-2022-01",
        "https://www.tenable.com/security/tns-2022-03",
        "http://httpd.apache.org/security/vulnerabilities_24.html",
        "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
        "http://seclists.org/fulldisclosure/2022/May/33",
        "http://seclists.org/fulldisclosure/2022/May/35",
        "http://seclists.org/fulldisclosure/2022/May/38",
        "http://www.openwall.com/lists/oss-security/2021/12/20/4",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20211224-0001/",
        "https://support.apple.com/kb/HT213255",
        "https://support.apple.com/kb/HT213256",
        "https://support.apple.com/kb/HT213257",
        "https://www.debian.org/security/2022/dsa-5035",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujan2022.html",
        "https://www.tenable.com/security/tns-2022-01",
        "https://www.tenable.com/security/tns-2022-03"
      ],
      "score": 9.8,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "weakness": "CWE-787"
    },
    "CVE-2022-22719": {
      "id": "CVE-2022-22719",
      "references": [
        "http://seclists.org/fulldisclosure/2022/May/33",
        "http://seclists.org/fulldisclosure/2022/May/35",
        "http://seclists.org/fulldisclosure/2022/May/38",
        "http://www.openwall.com/lists/oss-security/2022/03/14/4",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220321-0001/",
        "https://support.apple.com/kb/HT213255",
        "https://support.apple.com/kb/HT213256",
        "https://support.apple.com/kb/HT213257",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "http://seclists.org/fulldisclosure/2022/May/33",
        "http://seclists.org/fulldisclosure/2022/May/35",
        "http://seclists.org/fulldisclosure/2022/May/38",
        "http://www.openwall.com/lists/oss-security/2022/03/14/4",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220321-0001/",
        "https://support.apple.com/kb/HT213255",
        "https://support.apple.com/kb/HT213256",
        "https://support.apple.com/kb/HT213257",
        "https://www.oracle.com/security-alerts/cpuapr2022.html"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-665"
    },
    "CVE-2022-22720": {
      "id": "CVE-2022-22720",
      "references": [
        "http://seclists.org/fulldisclosure/2022/May/33",
        "http://seclists.org/fulldisclosure/2022/May/35",
        "http://seclists.org/fulldisclosure/2022/May/38",
        "http://www.openwall.com/lists/oss-security/2022/03/14/3",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220321-0001/",
        "https://support.apple.com/kb/HT213255",
        "https://support.apple.com/kb/HT213256",
        "https://support.apple.com/kb/HT213257",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujul2022.html",
        "http://seclists.org/fulldisclosure/2022/May/33",
        "http://seclists.org/fulldisclosure/2022/May/35",
        "http://seclists.org/fulldisclosure/2022/May/38",
        "http://www.openwall.com/lists/oss-security/2022/03/14/3",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220321-0001/",
        "https://support.apple.com/kb/HT213255",
        "https://support.apple.com/kb/HT213256",
        "https://support.apple.com/kb/HT213257",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujul2022.html"
      ],
      "score": 9.8,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "weakness": "CWE-444"
    },
    "CVE-2022-22721": {
      "id": "CVE-2022-22721",
      "references": [
        "http://seclists.org/fulldisclosure/2022/May/33",
        "http://seclists.org/fulldisclosure/2022/May/35",
        "http://seclists.org/fulldisclosure/2022/May/38",
        "http://www.openwall.com/lists/oss-security/2022/03/14/2",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220321-0001/",
        "https://support.apple.com/kb/HT213255",
        "https://support.apple.com/kb/HT213256",
        "https://support.apple.com/kb/HT213257",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujul2022.html",
        "http://seclists.org/fulldisclosure/2022/May/33",
        "http://seclists.org/fulldisclosure/2022/May/35",
        "http://seclists.org/fulldisclosure/2022/May/38",
        "http://www.openwall.com/lists/oss-security/2022/03/14/2",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220321-0001/",
        "https://support.apple.com/kb/HT213255",
        "https://support.apple.com/kb/HT213256",
        "https://support.apple.com/kb/HT213257",
        "https://www.oracle.com/security-alerts/cpuapr2022.html",
        "https://www.oracle.com/security-alerts/cpujul2022.html"
      ],
      "score": 9.1,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "weakness": "CWE-190"
    },
    "CVE-2022-28330": {
      "id": "CVE-2022-28330",
      "references": [
        "http://www.openwall.com/lists/oss-security/2022/06/08/3",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://security.netapp.com/advisory/ntap-20220624-0005/",
        "http://www.openwall.com/lists/oss-security/2022/06/08/3",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://security.netapp.com/advisory/ntap-20220624-0005/"
      ],
      "score": 5.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "weakness": "CWE-125"
    },
    "CVE-2022-28614": {
      "id": "CVE-2022-28614",
      "references": [
        "http://www.openwall.com/lists/oss-security/2022/06/08/4",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/",
        "http://www.openwall.com/lists/oss-security/2022/06/08/4",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/"
      ],
      "score": 5.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "weakness": "CWE-190"
    },
    "CVE-2022-28615": {
      "id": "CVE-2022-28615",
      "references": [
        "http://www.openwall.com/lists/oss-security/2022/06/08/9",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/",
        "http://www.openwall.com/lists/oss-security/2022/06/08/9",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/"
      ],
      "score": 9.1,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "weakness": "CWE-190"
    },
    "CVE-2022-29404": {
      "id": "CVE-2022-29404",
      "references": [
        "http://www.openwall.com/lists/oss-security/2022/06/08/5",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/",
        "http://www.openwall.com/lists/oss-security/2022/06/08/5",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-770"
    },
    "CVE-2022-30556": {
      "id": "CVE-2022-30556",
      "references": [
        "http://www.openwall.com/lists/oss-security/2022/06/08/7",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/",
        "http://www.openwall.com/lists/oss-security/2022/06/08/7",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "weakness": "CWE-200"
    },
    "CVE-2022-31813": {
      "id": "CVE-2022-31813",
      "references": [
        "http://www.openwall.com/lists/oss-security/2022/06/08/8",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/",
        "http://www.openwall.com/lists/oss-security/2022/06/08/8",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
        "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
        "https://security.gentoo.org/glsa/202208-20",
        "https://security.netapp.com/advisory/ntap-20220624-0005/"
      ],
      "score": 9.8,
      "services": [
        "443/http"
      ],
      "severity": "critical",
      "summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "weakness": "CWE-348"
    },
    "CVE-2022-37436": {
      "id": "CVE-2022-37436",
      "references": [
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://security.gentoo.org/glsa/202309-01",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://security.gentoo.org/glsa/202309-01"
      ],
      "score": 5.3,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "weakness": "CWE-113"
    },
    "CVE-2023-31122": {
      "id": "CVE-2023-31122",
      "references": [
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
        "https://security.netapp.com/advisory/ntap-20231027-0011/",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
        "https://security.netapp.com/advisory/ntap-20231027-0011/"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-125"
    },
    "CVE-2023-45802": {
      "id": "CVE-2023-45802",
      "references": [
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
        "https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
        "https://security.netapp.com/advisory/ntap-20231027-0011/"
      ],
      "score": 5.9,
      "services": [
        "443/http"
      ],
      "severity": "medium",
      "summary": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.nnThis was found by the reporter during testing ofxa0CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.nnUsers are recommended to upgrade to version 2.4.58, which fixes the issue.n",
      "vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "weakness": "CWE-770"
    },
    "CVE-2024-40898": {
      "id": "CVE-2024-40898",
      "references": [
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "http://www.openwall.com/lists/oss-security/2024/07/17/7",
        "https://httpd.apache.org/security/vulnerabilities_24.html",
        "https://security.netapp.com/advisory/ntap-20240808-0006/"
      ],
      "score": 7.5,
      "services": [
        "443/http"
      ],
      "severity": "high",
      "summary": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue. ",
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "weakness": "CWE-918"
    }
  }
}