177.72.161.121
{
"scan_id": 1751821131,
"ip": "177.72.161.121",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "177.72.160.0/22",
"postal_code": "",
"coordinates": {
"latitude": "-22.8305",
"longitude": "-43.2192"
},
"geo_point": "-22.8305, -43.2192",
"locale_code": "en",
"continent": "South America",
"country_code": "BR",
"country_name": "Brazil",
"city": ""
},
"location_updated_at": "2025-07-07T00:42:42Z",
"asn": {
"number": "AS262548",
"organization": "GETCARD PROVEDORA DE TRANSACOES ELETRONICAS LTDA",
"country_code": "BR"
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "",
"organization": "",
"descr": "",
"_encoding": {
"raw": ""
}
},
"whois_updated_at": "0001-01-01T00:00:00Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-07-07T00:42:42Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-07-07T01:23:53Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-07-07T00:42:42Z"
}
],
"hostnames": [
{
"name": "177.72.161.121.static.getcard.net.br",
"last_updated_at": "2025-07-08T11:21:14.367927126Z"
}
],
"services": [
{
"port": 21,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T08:13:26.601Z"
},
{
"port": 22,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-01T04:11:09.172Z"
},
{
"port": 23,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-19T07:20:45.746Z"
},
{
"port": 25,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-18T12:06:19.757Z"
},
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "2.4.37",
"product": "Apache httpd",
"extra_info": "(AlmaLinux) OpenSSL/1.1.1g",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.4.37",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.4\\.37",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE html><html lang=\"en\"><head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, maximum-scale=1, viewport-fit=cover\">\n <meta name=\"referrer\" content=\"no-referrer\">\n <title>Uniplus</title>\n <base href=\"/\">\n\n<!-- <link rel=\"manifest\" href=\"manifest.json\">-->\n <link type=\"image/x-icon\" rel=\"shortcut icon\" href=\"assets/icons/ico/logotipo-uniplus-icon-24.png\">\n <link rel=\"icon\" sizes=\"48x48\" href=\"assets/icons/ico/logotipo-uniplus-icon-48.png\">\n <link rel=\"icon\" sizes=\"96x96\" href=\"assets/icons/ico/logotipo-uniplus-icon-96.png\">\n <link rel=\"icon\" sizes=\"144x144\" href=\"assets/icons/ico/logotipo-uniplus-icon-144.png\">\n\n <!--Static Launch Screen Images - Imagens estáticas pré carregadas antes da aplicação iniciar-->\n <!--Ajustes para PWA no IOS-->\n <link rel=\"apple-touch-icon\" href=\"assets/icons/ico/logotipo-uniplus-icon-48.png\">\n <link rel=\"apple-touch-icon\" href=\"assets/icons/ico/logotipo-uniplus-icon-144.png\" sizes=\"152x152\">\n\n <!--app’s startup image for IOS-->\n <link rel=\"apple-touch-startup-image\" href=\"assets/icons/ico/logotipo-uniplus-icon-96.png\">\n <link rel=\"apple-touch-startup-image\" href=\"assets/icons/ico/logotipo-uniplus-icon-48.png\" media=\"screen and (min-device-width: 481px) and (max-device-width: 1024px) and (orientation:portrait)\">\n\n <style>\n .fundo-imagem {\n background-image: url('./assets/img/uniplus/uniplus_sm.svg');\n -moz-background-image: url('./assets/img/uniplus/uniplus_sm.svg');\n -webkit-background-image: url('./assets/img/uniplus/uniplus_sm.svg');\n background-repeat: no-repeat;\n background-position: center;\n background-position-y: 150px;\n background-size: 200px;\n opacity: 0.5;\n }\n\n .fundo-imagem-fla {\n background-image: url('./assets/img/svg/logo-flamingo.svg');\n -moz-background-image: url('./assets/img/svg/logo-flamingo.svg');\n -webkit-background-image: url('./assets/img/svg/logo-flamingo.svg');\n background-repeat: no-repeat;\n background-position: center;\n background-position-y: 150px;\n background-size: 200px;\n opacity: 0.5;\n }\n </style>\n\n<style>@charset \"UTF-8\";:root{--white-100:#fff;--cold-light-gray:#f5f5f5;--cinza-25:#c7cbd5;--azul-royal-01:#0050a0;--black:#000;--alaranjado-uniplus:#ff8b15;--cinza-azulado:#383e4b;--blue-hover:#36a9e1}html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}body{font-weight:400;color:var(--cinza-azulado);background-color:var(--cold-light-gray)}:root{--white-100:#fff;--azul-royal-04:rgba(0, 70, 100, 1);--light-gray:#e3e3e3;--intelidata-blue:#039;--vermelho-danger:#d70a23}:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, \"Helvetica Neue\", Arial, sans-serif, \"Apple Color Emoji\", \"Segoe UI Emoji\", \"Segoe UI Symbol\";--font-family-monospace:SFMono-Regular, Menlo, Monaco, Consolas, \"Liberation Mono\", \"Courier New\", monospace}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\",Segoe UI Symbol;font-size:1rem;font-weight:400;line-height:1.5;color:#212529;text-align:left;background-color:#fff}@media print{*,*:before,*:after{text-shadow:none!important;box-shadow:none!important}img{page-break-inside:avoid}@page{size:a3}body{min-width:992px!important}}@media all and (-ms-high-contrast: none){html{display:flex;flex-direction:column}}html{box-sizing:border-box;-ms-overflow-style:scrollbar}*,*:before,*:after{box-sizing:inherit}.row{display:flex;flex-wrap:wrap;margin-right:-15px;margin-left:-15px}*,*:before,*:after{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\",Segoe UI Symbol;font-size:.875rem;font-weight:400;line-height:1.5;color:#333;text-align:left;background-color:#fff}img{vertical-align:middle;border-style:none}svg:not(:root){overflow:hidden}html body{overflow:hidden}body{overflow-x:hidden;overflow-y:hidden}.spinner{position:absolute;top:0;left:0;width:100%;height:100vh;background-color:#0000001a;z-index:10000}.centralizaLogo-animada{display:flex;flex-direction:column;align-items:center;justify-content:center;vertical-align:middle;position:absolute;inset:-20px 0 0 24px}.app-loading .spinner{height:200px;width:200px;background:none;animation:rotate 2s linear infinite;transform-origin:center center;inset:0;margin:auto}.app-loading .spinner .path{stroke-dashoffset:0;animation:dash 1.5s ease-in-out infinite;stroke-linecap:round;stroke:#fff;opacity:.4}@keyframes rotate{to{transform:rotate(360deg)}}@keyframes dash{0%{stroke-dasharray:1,200;stroke-dashoffset:-28}50%{stroke-dasharray:79,200;stroke-dashoffset:-126px}to{stroke-dasharray:99,200;stroke-dashoffset:-136px}}.central-plus{position:relative;-webkit-animation-name:example;-webkit-animation-duration:2.6s;animation-name:example;animation-duration:2.6s;animation-iteration-count:6}.central-plus img{height:32px}@keyframes example{0%{left:4px;bottom:-24px;width:30px;height:20px;opacity:.2}25%{width:30px}50%{bottom:15px;width:30px;height:40px;opacity:.9}75%{bottom:20px;width:50px;height:50px}to{width:50px;height:50px;opacity:0}}.right-plus{position:relative;-webkit-animation-name:example-z;-webkit-animation-duration:2.6s;animation-name:example-z;animation-duration:2.6s;animation-iteration-count:6}.right-plus img{margin-top:30px;height:30px}@keyframes example-z{0%{bottom:-10px;left:-2px;opacity:.2}50%{opacity:.8}75%{bottom:15px}to{left:24px;opacity:.1}}.left-plus{position:relative;-webkit-animation-name:example-u;-webkit-animation-duration:2.6s;animation-name:example-u;animation-duration:2.6s;animation-iteration-count:6}.left-plus img{margin-top:20px;height:26px}@keyframes example-u{0%{left:20px;bottom:-15px;opacity:.2}75%{bottom:15px;opacity:.9}to{left:-10px;opacity:.1}}.logo-u{margin-left:-44px;margin-top:-34px;width:80px}.class-fade-out img{text-align:center;animation:fadeout 2.6s;-moz-animation:fadeout 2.6s;-webkit-animation:fadeout 2.6s;-o-animation:fadeout 2.6s;animation-iteration-count:6;-webkit-animation-iteration-count:6}@keyframes fadeout{0%{opacity:.8}to{opacity:0}}:root{--safe-area-inset-top:0px;--safe-area-inset-right:0px;--safe-area-inset-bottom:0px;--safe-area-inset-left:0px}@media only screen and (max-device-width: 480px) and (orientation: portrait){@supports not (-webkit-overflow-scrolling: touch){.android-border{top:62px!important}}@supports (-webkit-overflow-scrolling: touch){it-app{overscroll-behavior-y:none}.iphone-border{height:calc(100% + var(--safe-area-inset-top) + var(--safe-area-inset-bottom))}}}@charset \"UTF-8\"</style><link rel=\"stylesheet\" href=\"styles.7d38cc70a66f0c96.css\" media=\"print\" onload=\"this.media='all'\"><noscript><link rel=\"stylesheet\" href=\"styles.7d38cc70a66f0c96.css\"></noscript></head>\n\n<body id=\"indice\" class=\"iphone-border android-border\">\n<it-app>\n\n <div id=\"loadingbg\" class=\"app-loading\">\n <svg class=\"spinner\" viewBox=\"25 25 50 50\">\n <circle class=\"path\" cx=\"50\" cy=\"50\" r=\"24\" fill=\"none\" stroke-width=\"3\"></circle>\n </svg>\n </div>\n\n <div class=\"centralizaLogo-animada\">\n <div class=\"row\">\n <div class=\"left-plus\">\n <img src=\"assets/img/uniplus/cruz-2.svg\">\n </div>\n\n <div class=\"central-plus\">\n <img src=\"assets/img/uniplus/cruz-1.svg\">\n </div>\n\n <div class=\"right-plus\">\n <img src=\"assets/img/uniplus/cruz-3.svg\">\n </div>\n </div>\n\n <div class=\"row\">\n <div class=\"class-fade-out\">\n <img src=\"assets/img/uniplus/uni-u.svg\" class=\"logo-u\">\n </div>\n </div>\n </div>\n\n</it-app>\n\n<!--<div class=\"cria-scroll-ios\"></div>-->\n<noscript>Por favor ative o JavaScript para usar o sistema.</noscript>\n<script src=\"runtime.7a208810e2a754bc.js\" type=\"module\"></script><script src=\"polyfills.957dbba9248c14fb.js\" type=\"module\"></script><script src=\"scripts.0b6c6681ecd7ebd0.js\" defer></script><script src=\"main.839cfacca8b5bb25.js\" type=\"module\"></script>\n\n</body></html>",
"body_murmur": -21980788,
"body_sha256": "a049b0c29bfaa588aa7e316995f014f58dd2fe9fddaa93e350b26bc606eb18b8",
"component": [
"Apache HTTP Server:2.4.37",
"AlmaLinux",
"OpenSSL:1.1.1g"
],
"content_length": -1,
"favicon": {
"md5_hash": "5818c0b8337a68cc19958e810c807548",
"murmur_hash": -1814695367,
"path": "http://177.72.161.121:80/assets/icons/ico/logotipo-uniplus-icon-24.png",
"size": 676
},
"headers": {
"accept_ranges": [
"bytes"
],
"access_control_allow_origin": [
"*"
],
"cache_control": [
"no-cache, no-store, max-age=0, must-revalidate"
],
"content_language": [
"pt-BR"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Sun, 06 Jul 2025 11:00:52 GMT"
],
"expires": [
"0"
],
"last_modified": [
"Thu, 03 Apr 2025 11:40:25 GMT"
],
"pragma": [
"no-cache"
],
"server": [
"Apache/2.4.37 (AlmaLinux) OpenSSL/1.1.1g"
],
"unknown": [
{
"key": "access_control_allow_methods",
"value": [
"*"
]
},
{
"key": "access_control_max_age",
"value": [
"3600"
]
},
{
"key": "access_control_allow_headers",
"value": [
"*"
]
}
],
"vary": [
"accept-encoding,origin,access-control-request-headers,access-control-request-method"
],
"x_content_type_options": [
"nosniff"
],
"x_frame_options": [
"DENY"
],
"x_xss_protection": [
"1; mode=block"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "177.72.161.121",
"path": "",
"scheme": "http"
}
},
"status_code": 200,
"title": "Uniplus",
"transfer_encoding": [
"chunked"
]
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2018-17189",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2018-17199",
"score": 7.5,
"severity": "high"
}
],
"url": "http://177.72.161.121/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-06T11:00:54.567Z"
},
{
"port": 110,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-06T16:38:20.347Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "http",
"version": "2.4.37",
"product": "Apache httpd",
"extra_info": "(AlmaLinux) OpenSSL/1.1.1g",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.4.37",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.4\\.37",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE html><html lang=\"en\"><head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, maximum-scale=1, viewport-fit=cover\">\n <meta name=\"referrer\" content=\"no-referrer\">\n <title>Uniplus</title>\n <base href=\"/\">\n\n<!-- <link rel=\"manifest\" href=\"manifest.json\">-->\n <link type=\"image/x-icon\" rel=\"shortcut icon\" href=\"assets/icons/ico/logotipo-uniplus-icon-24.png\">\n <link rel=\"icon\" sizes=\"48x48\" href=\"assets/icons/ico/logotipo-uniplus-icon-48.png\">\n <link rel=\"icon\" sizes=\"96x96\" href=\"assets/icons/ico/logotipo-uniplus-icon-96.png\">\n <link rel=\"icon\" sizes=\"144x144\" href=\"assets/icons/ico/logotipo-uniplus-icon-144.png\">\n\n <!--Static Launch Screen Images - Imagens estáticas pré carregadas antes da aplicação iniciar-->\n <!--Ajustes para PWA no IOS-->\n <link rel=\"apple-touch-icon\" href=\"assets/icons/ico/logotipo-uniplus-icon-48.png\">\n <link rel=\"apple-touch-icon\" href=\"assets/icons/ico/logotipo-uniplus-icon-144.png\" sizes=\"152x152\">\n\n <!--app’s startup image for IOS-->\n <link rel=\"apple-touch-startup-image\" href=\"assets/icons/ico/logotipo-uniplus-icon-96.png\">\n <link rel=\"apple-touch-startup-image\" href=\"assets/icons/ico/logotipo-uniplus-icon-48.png\" media=\"screen and (min-device-width: 481px) and (max-device-width: 1024px) and (orientation:portrait)\">\n\n <style>\n .fundo-imagem {\n background-image: url('./assets/img/uniplus/uniplus_sm.svg');\n -moz-background-image: url('./assets/img/uniplus/uniplus_sm.svg');\n -webkit-background-image: url('./assets/img/uniplus/uniplus_sm.svg');\n background-repeat: no-repeat;\n background-position: center;\n background-position-y: 150px;\n background-size: 200px;\n opacity: 0.5;\n }\n\n .fundo-imagem-fla {\n background-image: url('./assets/img/svg/logo-flamingo.svg');\n -moz-background-image: url('./assets/img/svg/logo-flamingo.svg');\n -webkit-background-image: url('./assets/img/svg/logo-flamingo.svg');\n background-repeat: no-repeat;\n background-position: center;\n background-position-y: 150px;\n background-size: 200px;\n opacity: 0.5;\n }\n </style>\n\n<style>@charset \"UTF-8\";:root{--white-100:#fff;--cold-light-gray:#f5f5f5;--cinza-25:#c7cbd5;--azul-royal-01:#0050a0;--black:#000;--alaranjado-uniplus:#ff8b15;--cinza-azulado:#383e4b;--blue-hover:#36a9e1}html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}body{font-weight:400;color:var(--cinza-azulado);background-color:var(--cold-light-gray)}:root{--white-100:#fff;--azul-royal-04:rgba(0, 70, 100, 1);--light-gray:#e3e3e3;--intelidata-blue:#039;--vermelho-danger:#d70a23}:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system, BlinkMacSystemFont, \"Segoe UI\", Roboto, \"Helvetica Neue\", Arial, sans-serif, \"Apple Color Emoji\", \"Segoe UI Emoji\", \"Segoe UI Symbol\";--font-family-monospace:SFMono-Regular, Menlo, Monaco, Consolas, \"Liberation Mono\", \"Courier New\", monospace}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\",Segoe UI Symbol;font-size:1rem;font-weight:400;line-height:1.5;color:#212529;text-align:left;background-color:#fff}@media print{*,*:before,*:after{text-shadow:none!important;box-shadow:none!important}img{page-break-inside:avoid}@page{size:a3}body{min-width:992px!important}}@media all and (-ms-high-contrast: none){html{display:flex;flex-direction:column}}html{box-sizing:border-box;-ms-overflow-style:scrollbar}*,*:before,*:after{box-sizing:inherit}.row{display:flex;flex-wrap:wrap;margin-right:-15px;margin-left:-15px}*,*:before,*:after{box-sizing:border-box}html{font-family:sans-serif;line-height:1.15;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-ms-overflow-style:scrollbar;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\",Segoe UI Symbol;font-size:.875rem;font-weight:400;line-height:1.5;color:#333;text-align:left;background-color:#fff}img{vertical-align:middle;border-style:none}svg:not(:root){overflow:hidden}html body{overflow:hidden}body{overflow-x:hidden;overflow-y:hidden}.spinner{position:absolute;top:0;left:0;width:100%;height:100vh;background-color:#0000001a;z-index:10000}.centralizaLogo-animada{display:flex;flex-direction:column;align-items:center;justify-content:center;vertical-align:middle;position:absolute;inset:-20px 0 0 24px}.app-loading .spinner{height:200px;width:200px;background:none;animation:rotate 2s linear infinite;transform-origin:center center;inset:0;margin:auto}.app-loading .spinner .path{stroke-dashoffset:0;animation:dash 1.5s ease-in-out infinite;stroke-linecap:round;stroke:#fff;opacity:.4}@keyframes rotate{to{transform:rotate(360deg)}}@keyframes dash{0%{stroke-dasharray:1,200;stroke-dashoffset:-28}50%{stroke-dasharray:79,200;stroke-dashoffset:-126px}to{stroke-dasharray:99,200;stroke-dashoffset:-136px}}.central-plus{position:relative;-webkit-animation-name:example;-webkit-animation-duration:2.6s;animation-name:example;animation-duration:2.6s;animation-iteration-count:6}.central-plus img{height:32px}@keyframes example{0%{left:4px;bottom:-24px;width:30px;height:20px;opacity:.2}25%{width:30px}50%{bottom:15px;width:30px;height:40px;opacity:.9}75%{bottom:20px;width:50px;height:50px}to{width:50px;height:50px;opacity:0}}.right-plus{position:relative;-webkit-animation-name:example-z;-webkit-animation-duration:2.6s;animation-name:example-z;animation-duration:2.6s;animation-iteration-count:6}.right-plus img{margin-top:30px;height:30px}@keyframes example-z{0%{bottom:-10px;left:-2px;opacity:.2}50%{opacity:.8}75%{bottom:15px}to{left:24px;opacity:.1}}.left-plus{position:relative;-webkit-animation-name:example-u;-webkit-animation-duration:2.6s;animation-name:example-u;animation-duration:2.6s;animation-iteration-count:6}.left-plus img{margin-top:20px;height:26px}@keyframes example-u{0%{left:20px;bottom:-15px;opacity:.2}75%{bottom:15px;opacity:.9}to{left:-10px;opacity:.1}}.logo-u{margin-left:-44px;margin-top:-34px;width:80px}.class-fade-out img{text-align:center;animation:fadeout 2.6s;-moz-animation:fadeout 2.6s;-webkit-animation:fadeout 2.6s;-o-animation:fadeout 2.6s;animation-iteration-count:6;-webkit-animation-iteration-count:6}@keyframes fadeout{0%{opacity:.8}to{opacity:0}}:root{--safe-area-inset-top:0px;--safe-area-inset-right:0px;--safe-area-inset-bottom:0px;--safe-area-inset-left:0px}@media only screen and (max-device-width: 480px) and (orientation: portrait){@supports not (-webkit-overflow-scrolling: touch){.android-border{top:62px!important}}@supports (-webkit-overflow-scrolling: touch){it-app{overscroll-behavior-y:none}.iphone-border{height:calc(100% + var(--safe-area-inset-top) + var(--safe-area-inset-bottom))}}}@charset \"UTF-8\"</style><link rel=\"stylesheet\" href=\"styles.7d38cc70a66f0c96.css\" media=\"print\" onload=\"this.media='all'\"><noscript><link rel=\"stylesheet\" href=\"styles.7d38cc70a66f0c96.css\"></noscript></head>\n\n<body id=\"indice\" class=\"iphone-border android-border\">\n<it-app>\n\n <div id=\"loadingbg\" class=\"app-loading\">\n <svg class=\"spinner\" viewBox=\"25 25 50 50\">\n <circle class=\"path\" cx=\"50\" cy=\"50\" r=\"24\" fill=\"none\" stroke-width=\"3\"></circle>\n </svg>\n </div>\n\n <div class=\"centralizaLogo-animada\">\n <div class=\"row\">\n <div class=\"left-plus\">\n <img src=\"assets/img/uniplus/cruz-2.svg\">\n </div>\n\n <div class=\"central-plus\">\n <img src=\"assets/img/uniplus/cruz-1.svg\">\n </div>\n\n <div class=\"right-plus\">\n <img src=\"assets/img/uniplus/cruz-3.svg\">\n </div>\n </div>\n\n <div class=\"row\">\n <div class=\"class-fade-out\">\n <img src=\"assets/img/uniplus/uni-u.svg\" class=\"logo-u\">\n </div>\n </div>\n </div>\n\n</it-app>\n\n<!--<div class=\"cria-scroll-ios\"></div>-->\n<noscript>Por favor ative o JavaScript para usar o sistema.</noscript>\n<script src=\"runtime.7a208810e2a754bc.js\" type=\"module\"></script><script src=\"polyfills.957dbba9248c14fb.js\" type=\"module\"></script><script src=\"scripts.0b6c6681ecd7ebd0.js\" defer></script><script src=\"main.839cfacca8b5bb25.js\" type=\"module\"></script>\n\n</body></html>",
"body_murmur": -21980788,
"body_sha256": "a049b0c29bfaa588aa7e316995f014f58dd2fe9fddaa93e350b26bc606eb18b8",
"component": [
"OpenSSL:1.1.1g",
"Apache HTTP Server:2.4.37",
"AlmaLinux"
],
"content_length": -1,
"favicon": {
"md5_hash": "5818c0b8337a68cc19958e810c807548",
"murmur_hash": -1814695367,
"path": "https://177.72.161.121:443/assets/icons/ico/logotipo-uniplus-icon-24.png",
"size": 676
},
"headers": {
"accept_ranges": [
"bytes"
],
"access_control_allow_origin": [
"*"
],
"cache_control": [
"no-cache, no-store, max-age=0, must-revalidate"
],
"content_language": [
"pt-BR"
],
"content_security_policy": [
"default-src *; img-src * data: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src * blob:; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; object-src 'self'"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Fri, 04 Jul 2025 03:29:12 GMT"
],
"expires": [
"0"
],
"last_modified": [
"Thu, 03 Apr 2025 11:40:25 GMT"
],
"pragma": [
"no-cache"
],
"server": [
"Apache/2.4.37 (AlmaLinux) OpenSSL/1.1.1g"
],
"strict_transport_security": [
"max-age=63072000; includeSubDomains; preload"
],
"unknown": [
{
"key": "access_control_max_age",
"value": [
"3600"
]
},
{
"key": "access_control_allow_methods",
"value": [
"*"
]
},
{
"key": "referrer_policy",
"value": [
"same-origin"
]
},
{
"key": "access_control_allow_headers",
"value": [
"*"
]
}
],
"vary": [
"accept-encoding,origin,access-control-request-headers,access-control-request-method"
],
"x_content_type_options": [
"nosniff",
"nosniff"
],
"x_frame_options": [
"DENY",
"DENY"
],
"x_xss_protection": [
"1; mode=block",
"1; mode=block"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "177.72.161.121",
"path": "",
"scheme": "https"
}
},
"status_code": 200,
"title": "Uniplus",
"transfer_encoding": [
"chunked"
]
},
"tls": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://r10.i.lencr.org/"
]
},
"authority_key_id": "bbbcc347a5e4bca9c6c3a4720c108da235e1c8e8",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"id": "2.23.140.1.2.1"
}
],
"crl_distribution_points": [
"http://r10.c.lencr.org/35.crl"
],
"ct_precert_scts": "Signed Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : ED:3C:4B:D6:E8:06:C2:A4:A2:00:57:DB:CB:24:E2:38:\n 01:DF:51:2F:ED:C4:86:C5:70:0F:20:DD:B7:3E:3F:E0\n Timestamp : Jun 25 06:06:54.567 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:21:00:F3:93:A5:A4:D0:A7:20:73:AB:7D:74:\n AF:AF:7D:43:BA:54:C5:D4:EF:5E:A4:11:86:A5:3C:27:\n 53:FE:EE:50:47:02:20:2B:20:C4:7E:F6:3B:3A:4D:41:\n D2:46:29:F0:A6:B9:BF:9C:5E:3D:62:6F:FC:3A:2E:DE:\n CB:3A:9F:E3:99:3E:D2\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : DD:DC:CA:34:95:D7:E1:16:05:E7:95:32:FA:C7:9F:F8:\n 3D:1C:50:DF:DB:00:3A:14:12:76:0A:2C:AC:BB:C8:2A\n Timestamp : Jun 25 06:06:56.633 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:20:3A:ED:FC:7C:39:0A:92:CC:4F:00:BE:2B:\n 72:F2:D8:51:2F:42:E9:8F:1B:E7:26:FC:25:4F:19:DE:\n D4:C2:98:78:02:21:00:EF:46:8F:D2:37:40:32:76:9C:\n 39:0A:B3:72:F8:25:3C:29:23:83:06:C7:10:D0:94:FF:\n 33:82:C6:DD:7B:27:86",
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": true,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"ksc-getcard01.getcard.uniplusweb.com"
]
},
"subject_key_id": "d4bb1eed685479d3ecdf017170842e54e006c0e0"
},
"fingerprint_md5": "0564FF44D20FFFBE220888D34F2B9673",
"fingerprint_sha1": "19C31EE8B0ADEB075FD48B5163E9C1D382A7C0D2",
"fingerprint_sha256": "153C0935442C1BC85CC7C23660E2259BB0CF417773FE8451A4C681BB0B42BA45",
"issuer": {
"common_name": [
"R10"
],
"country": [
"US"
],
"organization": [
"Let's Encrypt"
]
},
"issuer_dn": "/C=US/O=Let's Encrypt/CN=R10",
"jarm": "15d3fd16d29d29d00042d43d000000ed1cf37c9a169b41886e27ba8fad60b0",
"redacted": false,
"revocation": {
"crl": {
"next_update": "2025-07-13T06:46:56",
"reason": "UNKNOWN",
"revoked": false
},
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "529090328098297657099384295745366064814498",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": false,
"value": "ODdhYjk5YTZkNmI4NTM5OTAyMDc5N2M0NzdjOWI0YTVjNzIwMDdjMDc5N2FhNDBkYzc0ODJkZWE0NWRiN2JmOTk3OTI3NjBiYmY1NGU3ZTdhZDUwNjAwNDJmNTI2MTlhYzQ5M2VhN2MyZTU0MGU3NTYyMGJjZDk1NGExMGUwOTA1MTBhNTA3MzZjMGFlZTg3MDI3OGUwNDEyMWE1NTM2YzFhMzZmMWQ2OTBmNTc4YzNjM2QzZDBiNjYxYTJlNzBmMDEyOTgxZjdmNWRlNTFmZDI3OTMzZWRmNTBjY2QzNjY4ZGM1ODRmM2RlOTRmZjYzMDNkNTE3NDNjNDA1MWE5MDZhOGIzMWUyNzliNTQxZmZjMDJjNTVlNTc3Y2QyYThkOWU5MmY5NTgwZDgwZjMxNTAwODRiOTljZjI0NjFjZTJhYjI1ZTY4YzNkNWQ3NzY5Y2NiZmQxZjVlYmZjY2M3YzRmYzYxODAwOWFkNzQ2NGQwMjRmY2RkYWJjNzc0MGZjOGNiOGRlMzQwNzYxYmRkN2UzZjA2YmY4NDk0MTEwNmJkYmRkMzhiYjRkYjViNTBlZmVjNmI3N2Y4YjNkMmU3N2I3YzhkYTNhNzA4ZjdkZWYzYWJiZTliNzNkNWJiYWVkOTI0NDhlMGIxZWJiYzA5OTRlZTMxNDcyZThmMzg2MDg="
},
"signed_certificate_timestamps": [
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "ed3c4bd6e806c2a4a20057dbcb24e23801df512fedc486c5700f20ddb73e3fe0",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "3045022100f393a5a4d0a72073ab7d74afaf7d43ba54c5d4ef5ea41186a53c2753feee504702202b20c47ef63b3a4d41d24629f0a6b9bf9c5e3d626ffc3a2edecb3a9fe3993ed2"
},
"timestamp": "2025-06-25T06:06:54.567000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "dddcca3495d7e11605e79532fac79ff83d1c50dfdb003a1412760a2cacbbc82a",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "304502203aedfc7c390a92cc4f00be2b72f2d8512f42e98f1be726fc254f19ded4c29878022100ef468fd2374032769c390ab372f8253c29238306c710d094ff3382c6dd7b2786"
},
"timestamp": "2025-06-25T06:06:56.633000",
"version": "v1"
}
],
"signed_certificate_timestamps_oid": "1.3.6.1.4.1.11129.2.4.2",
"subject": {
"common_name": [
"ksc-getcard01.getcard.uniplusweb.com"
]
},
"subject_alt_name": {
"dns_names": [
"ksc-getcard01.getcard.uniplusweb.com"
],
"extended_dns_names": [
{
"domain": "uniplusweb",
"fld": "uniplusweb.com",
"subdomain": "ksc-getcard01.getcard",
"tld": "com"
}
]
},
"subject_dn": "/CN=ksc-getcard01.getcard.uniplusweb.com",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "2eeff32addfeef89b219213a9007775375544af1ef1a0910ee8ca350ce59a3e7",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhkMDYxYjViMDU5ZmIyNzY2YWFhMmE4MjgzMTg0NDhlNzcyOTI1ZGE5ZmMyNjQ3N2Y0ODhhOWQzODIxODJjY2VjMTE2ZDMyODE3NTBmZTBjMTEzZDRlNjcyM2YxOThjMGZhOGNiODM3ZmQ5YzdmMTE2ODA4NGQ0YjFiYmRmODM1ZTFlYzQ0MzIzNzhmODFlYmExMjRhMTVhYzExMjQ4NmI5ZWQxZTY3ZGFhODg0ZDM0YzUzNGE3ZTkwMWQ1OTI2NTcxY2YyMjg2Njg4NjhjOWY4NjI0N2ZkN2FlOTcwNmIzZjZiZTE4YzZjZDdmYmNhYjA4MGRmZDdhZmVlOWM4NWMyMWNiMzI0YjJhZTc4MWQ1NGUyNzBmNzA1Yzc3NWZmZGU4ZTgwYWQ5MzdmOTU5ODM2MmU4NDM2YzA2M2Y5MjRhOGY4NTA0ODgzZTg5MzFhMzE0N2I4ZjQyNjcxYzU3YmNkOGIyMDMwMGZkM2QyNTczNjI5ZDIyZWJjNzJmNGRjZGZhNTk2NDk3NWU5OTExYjA5MDg4OTk0Y2RkNGI0OTAwNTkxOGFkOWE3MGI1YTVlZjNmYWM3NjQ3YWI1MzEzOThkZjRmZjAwNjRmN2Y2NDA2YzIyMzNmM2Q3NTI0NzAwZjUxN2QyNjIwZjRmMmJjZDU5NjlhMGIzNGE0NmIxYThkZg=="
}
},
"tbs_fingerprint": "ec90c4d50ac324c07eda6fa25c6c63cb14a29a2a0793ac6035b08ad776d18501",
"tbs_noct_fingerprint": "ab5d36568abab8afd1f10178fe0e67cb7155ee787b8511b65889f1c7d902a1af",
"validation_level": "DV",
"validity": {
"length_seconds": 7775999,
"not_after": "2025-09-23T05:08:23",
"not_before": "2025-06-25T05:08:24"
},
"version": 2
},
"fingerprint_sha256": "153C0935442C1BC85CC7C23660E2259BB0CF417773FE8451A4C681BB0B42BA45",
"precert": false,
"raw": "MIIFJDCCBAygAwIBAgISBhLbUp304jYaUEJJCvf3ItmiMA0GCSqGSIb3DQEBCwUAMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQDEwNSMTAwHhcNMjUwNjI1MDUwODI0WhcNMjUwOTIzMDUwODIzWjAvMS0wKwYDVQQDEyRrc2MtZ2V0Y2FyZDAxLmdldGNhcmQudW5pcGx1c3dlYi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQYbWwWfsnZqqiqCgxhEjncpJdqfwmR39Iip04IYLM7BFtMoF1D+DBE9Tmcj8ZjA+oy4N/2cfxFoCE1LG734NeHsRDI3j4HroSShWsESSGue0eZ9qohNNMU0p+kB1ZJlcc8ihmiGjJ+GJH/XrpcGs/a+GMbNf7yrCA39ev7pyFwhyzJLKueB1U4nD3Bcd1/96OgK2Tf5WYNi6ENsBj+SSo+FBIg+iTGjFHuPQmccV7zYsgMA/T0lc2KdIuvHL03N+llkl16ZEbCQiJlM3UtJAFkYrZpwtaXvP6x2R6tTE5jfT/AGT39kBsIjPz11JHAPUX0mIPTyvNWWmgs0pGsajfAgMBAAGjggI0MIICMDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNS7Hu1oVHnT7N8BcXCELlTgBsDgMB8GA1UdIwQYMBaAFLu8w0el5LypxsOkcgwQjaI14cjoMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAoYXaHR0cDovL3IxMC5pLmxlbmNyLm9yZy8wLwYDVR0RBCgwJoIka3NjLWdldGNhcmQwMS5nZXRjYXJkLnVuaXBsdXN3ZWIuY29tMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9yMTAuYy5sZW5jci5vcmcvMzUuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA7TxL1ugGwqSiAFfbyyTiOAHfUS/txIbFcA8g3bc+P+AAAAGXpbJKZwAABAMARzBFAiEA85OlpNCnIHOrfXSvr31DulTF1O9epBGGpTwnU/7uUEcCICsgxH72OzpNQdJGKfCmub+cXj1ib/w6Lt7LOp/jmT7SAHYA3dzKNJXX4RYF55Uy+sef+D0cUN/bADoUEnYKLKy7yCoAAAGXpbJSeQAABAMARzBFAiA67fx8OQqSzE8Avity8thRL0LpjxvnJvwlTxne1MKYeAIhAO9Gj9I3QDJ2nDkKs3L4JTwpI4MGxxDQlP8zgsbdeyeGMA0GCSqGSIb3DQEBCwUAA4IBAQCHq5mm1rhTmQIHl8R3ybSlxyAHwHl6pA3HSC3qRdt7+ZeSdgu/VOfnrVBgBC9SYZrEk+p8LlQOdWILzZVKEOCQUQpQc2wK7ocCeOBBIaVTbBo28daQ9XjDw9PQtmGi5w8BKYH39d5R/SeTPt9QzNNmjcWE896U/2MD1RdDxAUakGqLMeJ5tUH/wCxV5XfNKo2ekvlYDYDzFQCEuZzyRhziqyXmjD1dd2nMv9H16/zMfE/GGACa10ZNAk/N2rx3QPyMuN40B2G91+Pwa/hJQRBr2904u021tQ7+xrd/iz0ud7fI2jpwj33vOrvptz1buu2SRI4LHrvAmU7jFHLo84YI",
"tags": [
"dv",
"trusted"
]
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2018-17189",
"score": 5.3,
"severity": "medium"
},
{
"id": "CVE-2018-17199",
"score": 7.5,
"severity": "high"
}
],
"url": "https://177.72.161.121/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-04T06:59:53.993Z"
},
{
"port": 445,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-19T00:28:41.543Z"
},
{
"port": 465,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-07T05:39:15.5Z"
},
{
"port": 587,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-01T01:15:22.767Z"
},
{
"port": 631,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-18T10:55:11.486Z"
},
{
"port": 993,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-07T12:30:40.271Z"
},
{
"port": 1433,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T10:46:31.096Z"
},
{
"port": 1883,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-02T10:39:09.344Z"
},
{
"port": 1911,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-07T17:20:15.557Z"
},
{
"port": 2525,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T02:57:40.539Z"
},
{
"port": 5000,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-30T23:49:15.183Z"
},
{
"port": 5060,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-07T17:16:51.405Z"
},
{
"port": 5432,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T08:40:36.284Z"
},
{
"port": 5671,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-06T18:01:37.178Z"
},
{
"port": 5984,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-06T21:50:25.522Z"
},
{
"port": 6379,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-06T20:44:19.533Z"
},
{
"port": 7574,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T03:53:11.685Z"
},
{
"port": 8086,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-21T02:56:50.524Z"
},
{
"port": 8087,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-07T00:01:01.923Z"
},
{
"port": 8500,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-07T22:28:06.056Z"
},
{
"port": 8883,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T01:57:22.177Z"
},
{
"port": 8983,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T08:32:59.75Z"
},
{
"port": 9092,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-07T22:50:37.6Z"
},
{
"port": 9093,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-20T23:49:47.013Z"
},
{
"port": 9200,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-20T12:13:46.146Z"
},
{
"port": 10250,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-07T02:13:08.018Z"
},
{
"port": 11211,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-20T08:32:14.824Z"
},
{
"port": 15672,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-06-30T03:17:40.197Z"
},
{
"port": 20000,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-06T13:21:07.189Z"
},
{
"port": 27017,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T01:53:20.474Z"
},
{
"port": 27018,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-06T18:53:33.373Z"
},
{
"port": 27019,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-06T17:02:24.373Z"
}
],
"services_hash": "b05b8c399ce317fe61e45eb4b00ffca0aa85a9b4b6864a868cb851eb31947e7c",
"last_updated_at": "2025-07-08T10:46:31.096Z",
"banner": [
"http",
"tls"
],
"is_vuln": true,
"cveDetails": {
"CVE-2006-20001": {
"id": "CVE-2006-20001",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://security.netapp.com/advisory/ntap-20230316-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2018-17189": {
"id": "CVE-2018-17189",
"references": [
"http://www.securityfocus.com/bid/106685",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-400"
},
"CVE-2018-17199": {
"id": "CVE-2018-17199",
"references": [
"http://www.securityfocus.com/bid/106742",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2019-09",
"http://www.securityfocus.com/bid/106742",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-384"
},
"CVE-2019-0190": {
"id": "CVE-2019-0190",
"references": [
"http://www.securityfocus.com/bid/106743",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://www.oracle.com//security-alerts/cpujul2021.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2019-0196": {
"id": "CVE-2019-0196",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4.39",
"http://www.openwall.com/lists/oss-security/2019/04/02/1",
"http://www.securityfocus.com/bid/107669",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/97a1c58e138ed58a364513b58d807a802e72bf6079ff81a10948ef7c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRYD6JMEJ6O3JKJZFNOYXMJJU5JMEJK/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTJPHI3E3OKW7OT7COQXVG7DE7IDQ2OT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190617-0002/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-416"
},
"CVE-2019-0197": {
"id": "CVE-2019-0197",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/2",
"http://www.securityfocus.com/bid/107665",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://security.netapp.com/advisory/ntap-20190617-0002/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/4113-1/",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 4.2,
"services": [
"80/http"
],
"severity": "medium",
"summary": "A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set \"H2Upgrade on\" are unaffected by this issue.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"weakness": "CWE-444"
},
"CVE-2019-0211": {
"id": "CVE-2019-0211",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html",
"http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html",
"http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4.39",
"http://www.openwall.com/lists/oss-security/2019/04/02/3",
"http://www.openwall.com/lists/oss-security/2019/07/26/7",
"http://www.securityfocus.com/bid/107666",
"https://access.redhat.com/errata/RHBA-2019:0959",
"https://access.redhat.com/errata/RHSA-2019:0746",
"https://access.redhat.com/errata/RHSA-2019:0980",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://access.redhat.com/errata/RHSA-2019:1543",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E",
"https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E",
"https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E",
"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/16",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201904-20",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.f5.com/csp/article/K32957101",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.exploit-db.com/exploits/46676/",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.synology.com/security/advisory/Synology_SA_19_14"
],
"score": 7.8,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-416"
},
"CVE-2019-0215": {
"id": "CVE-2019-0215",
"references": [
"http://www.openwall.com/lists/oss-security/2019/04/02/4",
"http://www.securityfocus.com/bid/107667",
"https://access.redhat.com/errata/RHSA-2019:0980",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.f5.com/csp/article/K59440504",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2019-0217": {
"id": "CVE-2019-0217",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/5",
"http://www.securityfocus.com/bid/107668",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://bugzilla.redhat.com/show_bug.cgi?id=1695020",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/5",
"http://www.securityfocus.com/bid/107668",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://bugzilla.redhat.com/show_bug.cgi?id=1695020",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-362"
},
"CVE-2019-0220": {
"id": "CVE-2019-0220",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/6",
"http://www.securityfocus.com/bid/107670",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://access.redhat.com/errata/RHSA-2020:0250",
"https://access.redhat.com/errata/RHSA-2020:0251",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190625-0007/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/6",
"http://www.securityfocus.com/bid/107670",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://access.redhat.com/errata/RHSA-2020:0250",
"https://access.redhat.com/errata/RHSA-2020:0251",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190625-0007/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-706"
},
"CVE-2019-10081": {
"id": "CVE-2019-10081",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K84341091?utm_source=f5support&%3Butm_medium=RSS",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2019-10082": {
"id": "CVE-2019-10082",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-416"
},
"CVE-2019-10092": {
"id": "CVE-2019-10092",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"http://www.openwall.com/lists/oss-security/2019/08/15/4",
"http://www.openwall.com/lists/oss-security/2020/08/08/1",
"http://www.openwall.com/lists/oss-security/2020/08/08/9",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://seclists.org/bugtraq/2019/Oct/24",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K30442259",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"http://www.openwall.com/lists/oss-security/2019/08/15/4",
"http://www.openwall.com/lists/oss-security/2020/08/08/1",
"http://www.openwall.com/lists/oss-security/2020/08/08/9",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://seclists.org/bugtraq/2019/Oct/24",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K30442259",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.1,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-79"
},
"CVE-2019-10097": {
"id": "CVE-2019-10097",
"references": [
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 7.2,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the \"PROXY\" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-476"
},
"CVE-2019-10098": {
"id": "CVE-2019-10098",
"references": [
"http://www.openwall.com/lists/oss-security/2020/04/01/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://www.openwall.com/lists/oss-security/2020/04/01/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.1,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-601"
},
"CVE-2019-17567": {
"id": "CVE-2019-17567",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/2",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/2",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-444"
},
"CVE-2019-9517": {
"id": "CVE-2019-9517",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html",
"http://www.openwall.com/lists/oss-security/2019/08/15/7",
"https://access.redhat.com/errata/RHSA-2019:2893",
"https://access.redhat.com/errata/RHSA-2019:2925",
"https://access.redhat.com/errata/RHSA-2019:2939",
"https://access.redhat.com/errata/RHSA-2019:2946",
"https://access.redhat.com/errata/RHSA-2019:2949",
"https://access.redhat.com/errata/RHSA-2019:2950",
"https://access.redhat.com/errata/RHSA-2019:2955",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"https://kb.cert.org/vuls/id/605641/",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10296",
"https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190823-0003/",
"https://security.netapp.com/advisory/ntap-20190823-0005/",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K02591030",
"https://support.f5.com/csp/article/K02591030?utm_source=f5support&%3Butm_medium=RSS",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.synology.com/security/advisory/Synology_SA_19_33"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2020-11984": {
"id": "CVE-2020-11984",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html",
"http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html",
"http://www.openwall.com/lists/oss-security/2020/08/08/1",
"http://www.openwall.com/lists/oss-security/2020/08/08/10",
"http://www.openwall.com/lists/oss-security/2020/08/08/8",
"http://www.openwall.com/lists/oss-security/2020/08/08/9",
"http://www.openwall.com/lists/oss-security/2020/08/10/5",
"http://www.openwall.com/lists/oss-security/2020/08/17/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9f3244fd9abbce8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.gentoo.org/glsa/202008-04",
"https://security.netapp.com/advisory/ntap-20200814-0005/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-120"
},
"CVE-2020-11993": {
"id": "CVE-2020-11993",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html",
"http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/",
"https://security.gentoo.org/glsa/202008-04",
"https://security.netapp.com/advisory/ntap-20200814-0005/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above \"info\" will mitigate this vulnerability for unpatched servers.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-444"
},
"CVE-2020-13938": {
"id": "CVE-2020-13938",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/3",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/3",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210702-0001/"
],
"score": 5.5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-862"
},
"CVE-2020-1927": {
"id": "CVE-2020-1927",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"http://www.openwall.com/lists/oss-security/2020/04/03/1",
"http://www.openwall.com/lists/oss-security/2020/04/04/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"http://www.openwall.com/lists/oss-security/2020/04/03/1",
"http://www.openwall.com/lists/oss-security/2020/04/04/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 6.1,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-601"
},
"CVE-2020-1934": {
"id": "CVE-2020-1934",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujul2020.html"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-908"
},
"CVE-2020-35452": {
"id": "CVE-2020-35452",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/5",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/5",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 7.3,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"weakness": "CWE-787"
},
"CVE-2020-9490": {
"id": "CVE-2020-9490",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html",
"http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0b6541c5fb2f8fb383861333400add7def625bc993300300de0b4f8d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r97d0faab6ed8fd0d439234b16d05d77b22a07b0c4817e7b3cca419cc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e485ce5a01c9dc3d4d785a7d28aa7400ead1e81884034ff1f03cfee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra4da876037477c06f2677d7a1e10b5a8613000fca99c813958070fe9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfed9fea918e090383da33e393eb6c2755fccf05032bd7d6eb4737c9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/",
"https://security.gentoo.org/glsa/202008-04",
"https://security.netapp.com/advisory/ntap-20200814-0005/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via \"H2Push off\" will mitigate this vulnerability for unpatched servers.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-444"
},
"CVE-2021-26690": {
"id": "CVE-2021-26690",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/6",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/6",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2021-26691": {
"id": "CVE-2021-26691",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/7",
"https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/7",
"https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-122"
},
"CVE-2021-33193": {
"id": "CVE-2021-33193",
"references": [
"https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch",
"https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/",
"https://portswigger.net/research/http2",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20210917-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "NVD-CWE-Other"
},
"CVE-2021-34798": {
"id": "CVE-2021-34798",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2021-36160": {
"id": "CVE-2021-36160",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2021-39275": {
"id": "CVE-2021-39275",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2021-40438": {
"id": "CVE-2021-40438",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 9,
"services": [
"80/http"
],
"severity": "critical",
"summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-918"
},
"CVE-2021-44224": {
"id": "CVE-2021-44224",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/3",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/3",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03"
],
"score": 8.2,
"services": [
"80/http"
],
"severity": "high",
"summary": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"weakness": "CWE-476"
},
"CVE-2021-44790": {
"id": "CVE-2021-44790",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2022-22719": {
"id": "CVE-2022-22719",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-665"
},
"CVE-2022-22720": {
"id": "CVE-2022-22720",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2022-22721": {
"id": "CVE-2022-22721",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"weakness": "CWE-190"
},
"CVE-2022-23943": {
"id": "CVE-2022-23943",
"references": [
"http://www.openwall.com/lists/oss-security/2022/03/14/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.tenable.com/security/tns-2022-08",
"https://www.tenable.com/security/tns-2022-09",
"http://www.openwall.com/lists/oss-security/2022/03/14/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.tenable.com/security/tns-2022-08",
"https://www.tenable.com/security/tns-2022-09"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-190"
},
"CVE-2022-26377": {
"id": "CVE-2022-26377",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-444"
},
"CVE-2022-28330": {
"id": "CVE-2022-28330",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-125"
},
"CVE-2022-28614": {
"id": "CVE-2022-28614",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-190"
},
"CVE-2022-28615": {
"id": "CVE-2022-28615",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-190"
},
"CVE-2022-29404": {
"id": "CVE-2022-29404",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2022-30556": {
"id": "CVE-2022-30556",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2022-31813": {
"id": "CVE-2022-31813",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-348"
},
"CVE-2022-36760": {
"id": "CVE-2022-36760",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 9,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2022-37436": {
"id": "CVE-2022-37436",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-113"
},
"CVE-2023-25690": {
"id": "CVE-2023-25690",
"references": [
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01",
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2023-27522": {
"id": "CVE-2023-27522",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.nnSpecial characters in the origin response header can truncate/split the response forwarded to the client.nnn",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-444"
},
"CVE-2023-31122": {
"id": "CVE-2023-31122",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2023-45802": {
"id": "CVE-2023-45802",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 5.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.nnThis was found by the reporter during testing ofxa0CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.nnUsers are recommended to upgrade to version 2.4.58, which fixes the issue.n",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2024-27316": {
"id": "CVE-2024-27316",
"references": [
"http://seclists.org/fulldisclosure/2024/Jul/18",
"http://www.openwall.com/lists/oss-security/2024/04/04/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://support.apple.com/kb/HT214119",
"https://www.openwall.com/lists/oss-security/2024/04/03/16"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2024-38474": {
"id": "CVE-2024-38474",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://www.openwall.com/lists/oss-security/2024/07/01/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-116"
},
"CVE-2024-38476": {
"id": "CVE-2024-38476",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://www.openwall.com/lists/oss-security/2024/07/01/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-829"
},
"CVE-2024-38477": {
"id": "CVE-2024-38477",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://www.openwall.com/lists/oss-security/2024/07/01/10",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2024-40898": {
"id": "CVE-2024-40898",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2024/07/17/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240808-0006/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue. ",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-918"
}
}
}