182.162.91.205
{
"scan_id": 1770384002,
"ip": "182.162.91.205",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "182.162.64.0/19",
"postal_code": "",
"coordinates": {
"latitude": "37.5112",
"longitude": "126.9741"
},
"geo_point": "37.5112, 126.9741",
"locale_code": "en",
"continent": "Asia",
"country_code": "KR",
"country_name": "South Korea",
"city": ""
},
"location_updated_at": "2026-02-05T00:43:32Z",
"asn": {
"number": "AS3786",
"organization": "LG DACOM Corporation",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "182.162.0.0/16",
"organization": "LG DACOM KIDC",
"descr": "LG DACOM KIDC",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-12-09T19:03:53Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2026-02-05T00:43:32Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2026-02-05T04:32:21Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2026-02-05T00:43:32Z"
}
],
"services": [
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "2.4.29",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.4.29",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.4\\.29",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<html>\n <head>\n <title>Index of /</title>\n </head>\n <body>\n<h1>Index of /</h1>\n <table>\n <tr><th valign=\"top\"><img src=\"/icons/blank.gif\" alt=\"[ICO]\"></th><th><a href=\"?C=N;O=D\">Name</a></th><th><a href=\"?C=M;O=A\">Last modified</a></th><th><a href=\"?C=S;O=A\">Size</a></th><th><a href=\"?C=D;O=A\">Description</a></th></tr>\n <tr><th colspan=\"5\"><hr></th></tr>\n<tr><td valign=\"top\"><img src=\"/icons/unknown.gif\" alt=\"[ ]\"></td><td><a href=\"phpinfo.php\">phpinfo.php</a></td><td align=\"right\">2023-06-21 18:24 </td><td align=\"right\"> 15 </td><td> </td></tr>\n <tr><th colspan=\"5\"><hr></th></tr>\n</table>\n<address>Apache/2.4.29 (Ubuntu) Server at 182.162.91.205 Port 80</address>\n</body></html>\n",
"body_murmur": 159488863,
"body_sha256": "496a88497b0c65b2de09669e7ca81e06982f1519c82d80bdf53d9f1fdc25dfd9",
"component": [
"Apache HTTP Server:2.4.29",
"Ubuntu"
],
"content_length": -1,
"headers": {
"content_type": [
"text/html;charset=UTF-8"
],
"date": [
"Mon, 02 Feb 2026 17:28:36 GMT"
],
"server": [
"Apache/2.4.29 (Ubuntu)"
],
"vary": [
"Accept-Encoding"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.162.91.205",
"path": "",
"scheme": "http"
}
},
"status_code": 200,
"title": "Index of /"
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2017-15710",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2017-15715",
"score": 8.1,
"severity": "high"
}
],
"url": "http://182.162.91.205/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2026-02-02T17:28:36.835Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "http",
"version": "2.4.29",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.4.29",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.4\\.29",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p>You don't have permission to access this resource.</p>\n<hr>\n<address>Apache/2.4.29 (Ubuntu) Server at 182.162.91.205 Port 443</address>\n</body></html>\n",
"body_murmur": -1771305208,
"body_sha256": "ed273eaf8faef5b7f538c1238e92d36506531e3f6c842513c537ea1f7421a397",
"component": [
"Ubuntu",
"Apache HTTP Server:2.4.29"
],
"content_length": 280,
"headers": {
"content_length": [
"280"
],
"content_type": [
"text/html; charset=iso-8859-1"
],
"date": [
"Mon, 02 Feb 2026 09:49:55 GMT"
],
"server": [
"Apache/2.4.29 (Ubuntu)"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.162.91.205",
"path": "",
"scheme": "https"
}
},
"status_code": 403,
"title": "403 Forbidden"
},
"tls": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://secure.globalsign.com/cacert/gsgccr6alphasslca2023.crt"
],
"ocsp_urls": [
"http://ocsp.globalsign.com/gsgccr6alphasslca2023"
]
},
"authority_key_id": "bd05b7f38a933c73cb79fa0f8512a17796189174",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"id": "2.23.140.1.2.1"
},
{
"cps": [
"https://www.globalsign.com/repository/"
],
"id": "1.3.6.1.4.1.4146.10.1.3"
}
],
"crl_distribution_points": [
"http://crl.globalsign.com/gsgccr6alphasslca2023.crl"
],
"ct_precert_scts": "Signed Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:\n F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A\n Timestamp : Nov 14 16:12:54.100 2024 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:20:5D:67:51:A5:EB:0C:72:F6:B7:40:99:03:\n 5B:83:18:46:04:AC:43:4F:3A:79:F4:96:14:FA:E7:68:\n 3F:3D:28:53:02:21:00:BC:3C:85:D9:C1:1C:C9:A8:A6:\n D8:91:61:5D:3A:BE:FE:D4:AA:21:73:E7:AC:2F:BB:15:\n C3:B8:3D:CC:BF:44:65\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:\n D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50\n Timestamp : Nov 14 16:12:54.419 2024 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:20:3A:ED:1E:5C:88:41:CC:5D:F4:51:0E:6F:\n 4C:06:DA:E6:F3:C7:48:FC:B5:F1:68:7C:4D:33:5A:AC:\n 7B:68:9F:47:02:21:00:E8:03:48:C6:7B:A4:AA:82:CB:\n 86:7F:C1:1D:2F:3C:36:FE:0D:1D:89:80:41:40:CE:E8:\n BC:FA:E1:E7:33:8D:AF\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:\n 87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8\n Timestamp : Nov 14 16:12:54.348 2024 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:20:39:2B:C2:6A:21:6F:A9:CB:DA:37:E2:C7:\n 8A:FC:5E:C0:54:CE:32:B9:D2:63:66:56:1D:46:7A:03:\n E1:0D:D0:79:02:21:00:D5:A4:46:FB:C3:FA:98:69:F9:\n C0:D3:75:DC:28:B8:CE:A7:23:94:D5:E9:29:1C:6D:95:\n 75:48:87:A1:E8:52:56",
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": true,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"www.wsrf.co.kr",
"wsrf.co.kr"
]
},
"subject_key_id": "f330216536cf04bcb99d571b204b0ec79f8fccc1"
},
"fingerprint_md5": "CCACF78FBA949F519C1B8E4BBADDF712",
"fingerprint_sha1": "B39F683493BA32F3957D77FB99B98FB307F9F5C5",
"fingerprint_sha256": "6EA5526A6EE0BEE13879C621EE2F74DB49A92BFA24313E9FEFE626A124AD4E30",
"issuer": {
"common_name": [
"GlobalSign GCC R6 AlphaSSL CA 2023"
],
"country": [
"BE"
],
"organization": [
"GlobalSign nv-sa"
]
},
"issuer_dn": "/C=BE/O=GlobalSign nv-sa/CN=GlobalSign GCC R6 AlphaSSL CA 2023",
"jarm": "2ad2ad16d2ad2ad22c42d42d0000006f254909a73bf62f6b28507e9fb451b5",
"redacted": false,
"revocation": {
"crl": {
"next_update": "2026-02-09T10:48:34",
"reason": "UNKNOWN",
"revoked": false
},
"ocsp": {
"next_update": "2026-02-06T22:25:30",
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "20846823786423565552330142052",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": false,
"value": "Y2QzMmY5MGQ5MTU0NzIxN2ZkY2NhNzQxNjY4YzNiZWNiMGUwYjgzOTViMGFjZDMxYjM2MDc5MDA1NzI3N2YwMzk0ZmExNDg4ZTAxMTkxODE3YjMxYmY3NDJhMDU2NjA0ZGU4NGU4M2ZkZTk3MDA4NWM1MmUxZmQ1M2U0OTlhMGJkOGIyODJjZTBkMWViNTNhNzBhZmU4NWY5ZDU0N2M5YWVlMTBmNDJlMDc4ODJiZDFjYTZkMThkMzQyNDJiOTVkNGY0MGY4MWVhZjVmMDNkNGY1NmNlYmE4NzczMDBkZGQ3M2MyYjU5MDBlN2Q1M2EwZGFkNjYxNTg0NTk0M2EzNzE3MDU0ZjYxOWRmYzViYTdiYzk1ODMwNWZiYWM5MmU0OWZmZGZlMTg5NTAyZDZkZjk1NDAxYzQ5MzY4MTBjYjc3YTQ2ODI5OGYzNGMzODMxYjkxZmNhYTAzMDNjMWUzMjczMzA1Y2NkMzMzODk1NmIxZjZiNTNkOWU0MjkwNTcyZDJkM2UyYzcxZWQ1MWYwM2IzMjZmNGJhYzA5Yjg3M2FmMzM0OWY2YzJiNjdiOWUxZDRjYjdmOGRlZjljMWM2ZTVmYWY1MDEwYTc4YmEyN2EzYWM2NWRjNGZkN2RhYTNhZDIyZWQxZjA5NTFlMGIyMmRlNTcwODczNDQyNTIzZjQ="
},
"signed_certificate_timestamps": [
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "12f14e34bd53724c840619c38f3f7a13f8e7b56287889c6d300584ebe586263a",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "304502205d6751a5eb0c72f6b74099035b83184604ac434f3a79f49614fae7683f3d2853022100bc3c85d9c11cc9a8a6d891615d3abefed4aa2173e7ac2fbb15c3b83dccbf4465"
},
"timestamp": "2024-11-14T16:12:54.100000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "e6d2316340778cc1104106d771b9cec1d240f6968486fbba87321dfd1e378e50",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "304502203aed1e5c8841cc5df4510e6f4c06dae6f3c748fcb5f1687c4d335aac7b689f47022100e80348c67ba4aa82cb867fc11d2f3c36fe0d1d89804140cee8bcfae1e7338daf"
},
"timestamp": "2024-11-14T16:12:54.419000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "7d591e12e1782a7b1c61677c5efdf8d0875c14a04e959eb9032fd90e8c2e79b8",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "30450220392bc26a216fa9cbda37e2c78afc5ec054ce32b9d26366561d467a03e10dd079022100d5a446fbc3fa9869f9c0d375dc28b8cea72394d5e9291c6d95754887a1e85256"
},
"timestamp": "2024-11-14T16:12:54.348000",
"version": "v1"
}
],
"signed_certificate_timestamps_oid": "1.3.6.1.4.1.11129.2.4.2",
"subject": {
"common_name": [
"www.wsrf.co.kr"
]
},
"subject_alt_name": {
"dns_names": [
"www.wsrf.co.kr",
"wsrf.co.kr"
],
"extended_dns_names": [
{
"domain": "wsrf",
"fld": "wsrf.co.kr",
"subdomain": "www",
"tld": "co.kr"
},
{
"domain": "wsrf",
"fld": "wsrf.co.kr",
"tld": "co.kr"
}
]
},
"subject_dn": "/CN=www.wsrf.co.kr",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "6feb70bf4e2cddfbdd5cea3a7ee9f7dc19ecc6974f8bc304d7c9eab70e07ddd4",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHg5OTdmMjE5YjAzMzdhZTc3NWM4YzI5YWM4NDAyYTY3NmM4ZmMyZWE4MTE4NTBkMjU1NDEzNWUzNGQ0NTBhOGFhM2Y5OTY4ZmEwZmNkMGEwM2RkODhjMWYzZDJkYjc2YjgxNTE0ZTdjNTBjNDRhZjkwOWRkOTk2YTlhMDY3ZWE4MmM0NjQ0NmFlZjA1N2Y4ZTdkY2NjYTZhMjIxMzQ2MTA2ZWMzM2NjZTk2YmU4OTJmZGU4NjU2NzZjNGUzNTRjMzFkY2JjOWE3ZGFkMjg3ZDNhNTcwNTFkMzQ4YzAyMWM0NjY3MDI4YWQ4ZWFmYTkzYTY3MDBmNDliNjhiMmQwNjFlYTgzY2ViODg4NGY1ZGJkODlmODM2NGI1NmZmOTNlYWZlOWRhN2M5ZGJiNTM5ZTRjNzc0Mzc0YTQ2ZTY3ZWM3MjIzZDE0YTExNzdkYzFmNmRhNjExODg4MWM1MDI1NGYxNmYxYjVkYzJmNjEzYTNiOGIyNDljNGE4NGQ3YjE1NDA5NjQzNDMzZWEzOWUzODI1NDRlOGJjMTA1N2M1ZTU0YjVjNzhiMmJlZmI3NzU5YzU5YTEzZWY1MzBlYmYwOTQxMmM4MzA0YzUwMDliNWRjOGM1ZGYxZWU0MjM3M2VkNDE2Nzg0OWZjMDU5NDc2MGQ5MmRkNzRiZTdhZTAyMGZmZA=="
}
},
"tbs_fingerprint": "2161555941ea53fa4ec0bea27b711b5ff7df18d01f76945aceb5074226e9164b",
"tbs_noct_fingerprint": "f29b9b18a903eb589ac9f2fca0683ca9fd8459a6d6d07fa210c921f7ae80a48d",
"validation_level": "DV",
"validity": {
"length_seconds": 34300800,
"not_after": "2025-12-16T16:12:51",
"not_before": "2024-11-14T16:12:52"
},
"version": 2
},
"fingerprint_sha256": "6EA5526A6EE0BEE13879C621EE2F74DB49A92BFA24313E9FEFE626A124AD4E30",
"precert": false,
"raw": "MIIGWzCCBUOgAwIBAgIMQ1wWpe7ip2MBIvFkMA0GCSqGSIb3DQEBCwUAMFUxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSswKQYDVQQDEyJHbG9iYWxTaWduIEdDQyBSNiBBbHBoYVNTTCBDQSAyMDIzMB4XDTI0MTExNDE2MTI1MloXDTI1MTIxNjE2MTI1MVowGTEXMBUGA1UEAxMOd3d3LndzcmYuY28ua3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZfyGbAzeud1yMKayEAqZ2yPwuqBGFDSVUE1401FCoqj+ZaPoPzQoD3YjB89LbdrgVFOfFDESvkJ3ZlqmgZ+qCxGRGrvBX+OfczKaiITRhBuwzzOlr6JL96GVnbE41TDHcvJp9rSh9OlcFHTSMAhxGZwKK2Or6k6ZwD0m2iy0GHqg864iE9dvYn4NktW/5Pq/p2nydu1OeTHdDdKRuZ+xyI9FKEXfcH22mEYiBxQJU8W8bXcL2E6O4sknEqE17FUCWQ0M+o544JUTovBBXxeVLXHiyvvt3WcWaE+9TDr8JQSyDBMUAm13Ixd8e5CNz7UFnhJ/AWUdg2S3XS+euAg/9AgMBAAGjggNlMIIDYTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADCBmQYIKwYBBQUHAQEEgYwwgYkwSQYIKwYBBQUHMAKGPWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZ2NjcjZhbHBoYXNzbGNhMjAyMy5jcnQwPAYIKwYBBQUHMAGGMGh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjZhbHBoYXNzbGNhMjAyMzBXBgNVHSAEUDBOMAgGBmeBDAECATBCBgorBgEEAaAyCgEDMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3NnY2NyNmFscGhhc3NsY2EyMDIzLmNybDAlBgNVHREEHjAcgg53d3cud3NyZi5jby5rcoIKd3NyZi5jby5rcjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUvQW384qTPHPLefoPhRKhd5YYkXQwHQYDVR0OBBYEFPMwIWU2zwS8uZ1XGyBLDsefj8zBMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgAS8U40vVNyTIQGGcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAAAZMrcvPUAAAEAwBHMEUCIF1nUaXrDHL2t0CZA1uDGEYErENPOnn0lhT652g/PShTAiEAvDyF2cEcyaim2JFhXTq+/tSqIXPnrC+7FcO4Pcy/RGUAdgDm0jFjQHeMwRBBBtdxuc7B0kD2loSG+7qHMh39HjeOUAAAAZMrcvUTAAAEAwBHMEUCIDrtHlyIQcxd9FEOb0wG2ubzx0j8tfFofE0zWqx7aJ9HAiEA6ANIxnukqoLLhn/BHS88Nv4NHYmAQUDO6Lz64eczja8AdgB9WR4S4XgqexxhZ3xe/fjQh1wUoE6VnrkDL9kOjC55uAAAAZMrcvTMAAAEAwBHMEUCIDkrwmohb6nL2jfix4r8XsBUzjK50mNmVh1GegPhDdB5AiEA1aRG+8P6mGn5wNN13Ci4zqcjlNXpKRxtlXVIh6HoUlYwDQYJKoZIhvcNAQELBQADggEBAM0y+Q2RVHIX/cynQWaMO+yw4Lg5WwrNMbNgeQBXJ38DlPoUiOARkYF7Mb90KgVmBN6E6D/elwCFxS4f1T5JmgvYsoLODR61OnCv6F+dVHya7hD0LgeIK9HKbRjTQkK5XU9A+B6vXwPU9WzrqHcwDd1zwrWQDn1ToNrWYVhFlDo3FwVPYZ38W6e8lYMF+6yS5J/9/hiVAtbflUAcSTaBDLd6RoKY80w4MbkfyqAwPB4yczBczTM4lWsfa1PZ5CkFctLT4sce1R8Dsyb0usCbhzrzNJ9sK2e54dTLf43vnBxuX69QEKeLono6xl3E/X2qOtIu0fCVHgsi3lcIc0QlI/Q=",
"tags": [
"dv",
"trusted"
]
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2017-15710",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2017-15715",
"score": 8.1,
"severity": "high"
}
],
"url": "https://182.162.91.205/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2026-02-02T22:25:38.687Z"
},
{
"port": 3306,
"protocol": "tcp",
"name": "mysql",
"version": "5.7.42-0ubuntu0.18.04.1",
"product": "MySQL",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:mysql:mysql:5.7.42-0ubuntu0.18.04.1",
"part": "a",
"vendor": "mysql",
"product": "mysql",
"version": "5\\.7\\.42\\-0ubuntu0\\.18\\.04\\.1",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"mysql": {
"capability_flags": {
"CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS": true,
"CLIENT_COMPRESS": true,
"CLIENT_CONNECT_ATTRS": true,
"CLIENT_CONNECT_WITH_DB": true,
"CLIENT_DEPRECATED_EOF": true,
"CLIENT_FOUND_ROWS": true,
"CLIENT_IGNORE_SIGPIPE": true,
"CLIENT_IGNORE_SPACE": true,
"CLIENT_INTERACTIVE": true,
"CLIENT_LOCAL_FILES": true,
"CLIENT_LONG_FLAG": true,
"CLIENT_LONG_PASSWORD": true,
"CLIENT_MULTI_RESULTS": true,
"CLIENT_MULTI_STATEMENTS": true,
"CLIENT_NO_SCHEMA": true,
"CLIENT_ODBC": true,
"CLIENT_PLUGIN_AUTH": true,
"CLIENT_PLUGIN_AUTH_LEN_ENC_CLIENT_DATA": true,
"CLIENT_PROTOCOL_41": true,
"CLIENT_PS_MULTI_RESULTS": true,
"CLIENT_RESERVED": true,
"CLIENT_SECURE_CONNECTION": true,
"CLIENT_SESSION_TRACK": true,
"CLIENT_SSL": true,
"CLIENT_TRANSACTIONS": true
},
"protocol_version": 10,
"version": "5.7.42-0ubuntu0.18.04.1"
},
"tls": {
"certificate": {
"extensions": {
"basic_constraints": {
"is_ca": true
}
},
"fingerprint_md5": "5D958EA86E54F2F574418168A18CC21B",
"fingerprint_sha1": "1871E216F8BF9B2F139912179D866EFF49E1CEDC",
"fingerprint_sha256": "E8AED936F30E0B8124C8615C6D3A96EF1903DA52A83E567D0DA72AEE5F971EA4",
"issuer": {
"common_name": [
"MySQL_Server_5.7.41_Auto_Generated_CA_Certificate"
]
},
"issuer_dn": "/CN=MySQL_Server_5.7.41_Auto_Generated_CA_Certificate",
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "2",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": false,
"value": "YTYwMGYyOTFiMjI1NTVkMmNkMzZkZWEyODZiZDRkNGFmZmY2ZDNkYjMwM2RiM2I5MzhiYmQ5YjRjOTZmNDRkZThiYjZjMzQxYTI1MjllNDQ5Y2MyYTVlZmEyNmEzZDI0YjZjNTNkNjliYjlkNjllOTEwN2U0MTBkODExNzQxMjc1MTNjYzNlZGI5NmM1ZjA3NjQwNTkxNTNkNTY3YjI2MzgxMWExNzIwZDBiY2U0MTVlYzA2NDYwMjllZjAwNmIzOGIzOTVlMjUyYTNkM2I2NzI3MTAyNzQ1MTUwMTJkYmRjZjYyNzIwNDQyYTU2MmE5MmFjOTk5ODhmODlhNmRjYTg4ZGRiYjkwYjYyZjZlNjA4ZDY2MjczZmYzYzc4NzAzMWMzZjBmYTIzODI3MzU1MzYyNTQ0Y2QyNGE0MDI4YzU4ZWM5ZjkwYmRmMTBiNzUzODIwMDc5NWFlYjQyZWUyMTgzMGFlNjg3MTllMWRhNmZmZWU1NzU4MGNlZmFiNjU2OWI2YWNiNzhhMWNkMjhiZDZkYzFlMWVhN2U4OTczNzM0Y2Y3ZmEyMGEwNDlmNWM2ODhhMDI4ODFjZDU3ZjI5OWFiMWZlNDAxMjIzZTczY2Y0NzA0MDY1NDU2Nzk1YmEyNTRlY2UzYTIxOTg3Y2Q3YzlmZmJlZDUzMjIyYmEzYTY="
},
"subject": {
"common_name": [
"MySQL_Server_5.7.41_Auto_Generated_Server_Certificate"
]
},
"subject_alt_name": {
"dns_names": [
"MySQL_Server_5.7.41_Auto_Generated_Server_Certificate"
],
"extended_dns_names": []
},
"subject_dn": "/CN=MySQL_Server_5.7.41_Auto_Generated_Server_Certificate",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "2d835e1d6f158294cacef1b3eed0354112c1f14d54b2b0a3792c4c14fd7996de",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhjODNjNGVlN2YzMTkyZGM4MTg1NDBmZTg4MGY5ZTdjNzFkMDQ0NTA4MWMwMDBmODQ1NTUxYmViMDRjYjRiNzczZjRjOWI5ZWE2OWU2ZGJiZjcwZjgxMTViNTZkNTJmZDg2YTk0NDhkYWRhMjZiMjNjOTM1ZmU3YjU3NTA0NjIzMDUyYzUxNDNiZGFhN2M4YmEyZjIxOTgxNGNlN2YzNDliOGNkYzE1OWI1MTY2YmQ1ZjIxOTZmZjkxZDE0NmVkN2Y1YjE5NzEzZjQyNjM0NDQwYzQ0NGI1YTkyNmJlYTgyM2M4MzY3OGIyYmU0YTlkM2MwYTU3YWZhNTBhYmFhMjAzZDhhOGVmNDNjMmIwNzk3NjE1MTlkMjliMWVlMzIzYTA4MzBmYTAyZTNiZmUxNTY1N2QyYTkxNGQyZjJkNmNlNmQ2MzBjNzgxOTljNTRkZjNkNjA4Y2Y1MDY1MWRiNzFhODFmNDZlZTU2MTQwMDIwZGMzM2FiZGI1ZWE1YTI1MGVmZGIwMDRmNGI2NzViNWQyZDcwMjFlMWQ0ZDVkY2M0ZmRjODAzN2Y0ODc2NTY4YTI3YTJkYTFmNDUzOTExOThmNTg5ZGNhOTZlM2RhZDY1NWM0Y2I4N2Y0N2E4ZGNmYzlkN2YxNTNmYjk3NmQ0Zjk0MzZhNTdlZGQyNWM5OGM2ZA=="
}
},
"tbs_fingerprint": "e3ded35a16bae471c64f9d06b04b1063a9809a7f12d1c8b185993b5b21ddff7b",
"validation_level": "DV",
"validity": {
"length_seconds": 315360000,
"not_after": "2033-04-07T14:23:47",
"not_before": "2023-04-10T14:23:47"
},
"version": 2
},
"fingerprint_sha256": "E8AED936F30E0B8124C8615C6D3A96EF1903DA52A83E567D0DA72AEE5F971EA4",
"precert": false,
"raw": "MIIDBzCCAe+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFNeVNRTF9TZXJ2ZXJfNS43LjQxX0F1dG9fR2VuZXJhdGVkX0NBX0NlcnRpZmljYXRlMB4XDTIzMDQxMDE0MjM0N1oXDTMzMDQwNzE0MjM0N1owQDE+MDwGA1UEAww1TXlTUUxfU2VydmVyXzUuNy40MV9BdXRvX0dlbmVyYXRlZF9TZXJ2ZXJfQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIPE7n8xktyBhUD+iA+efHHQRFCBwAD4RVUb6wTLS3c/TJuepp5tu/cPgRW1bVL9hqlEja2iayPJNf57V1BGIwUsUUO9qnyLovIZgUzn80m4zcFZtRZr1fIZb/kdFG7X9bGXE/QmNEQMREtakmvqgjyDZ4sr5KnTwKV6+lCrqiA9io70PCsHl2FRnSmx7jI6CDD6AuO/4VZX0qkU0vLWzm1jDHgZnFTfPWCM9QZR23GoH0buVhQAINwzq9tepaJQ79sAT0tnW10tcCHh1NXcxP3IA39IdlaKJ6LaH0U5EZj1idypbj2tZVxMuH9HqNz8nX8VP7l21PlDalft0lyYxtAgMBAAGjEDAOMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAKYA8pGyJVXSzTbeooa9TUr/9tPbMD2zuTi72bTJb0Tei7bDQaJSnkScwqXvomo9JLbFPWm7nWnpEH5BDYEXQSdRPMPtuWxfB2QFkVPVZ7JjgRoXINC85BXsBkYCnvAGs4s5XiUqPTtnJxAnRRUBLb3PYnIEQqViqSrJmYj4mm3KiN27kLYvbmCNZic/88eHAxw/D6I4JzVTYlRM0kpAKMWOyfkL3xC3U4IAeVrrQu4hgwrmhxnh2m/+5XWAzvq2Vptqy3ihzSi9bcHh6n6Jc3NM9/ogoEn1xoigKIHNV/KZqx/kASI+c89HBAZUVnlbolTs46IZh818n/vtUyIro6Y=",
"tags": [
"dv",
"trusted"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2026-02-07T04:55:06.821Z"
}
],
"services_hash": "4c5dc1984bd78c902221609b847479c8d7cc6c89d440ff932282a7c556244c40",
"last_updated_at": "2026-02-07T04:55:06.821Z",
"banner": [
"mysql",
"tls",
"http"
],
"is_vuln": true,
"cveDetails": {
"CVE-2006-20001": {
"id": "CVE-2006-20001",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://security.netapp.com/advisory/ntap-20230316-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2017-15710": {
"id": "CVE-2017-15710",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/8",
"http://www.securityfocus.com/bid/103512",
"http://www.securitytracker.com/id/1040569",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2017-15715": {
"id": "CVE-2017-15715",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/6",
"http://www.securityfocus.com/bid/103525",
"http://www.securitytracker.com/id/1040570",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/6",
"http://www.securityfocus.com/bid/103525",
"http://www.securitytracker.com/id/1040570",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 8.1,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-20"
},
"CVE-2018-11763": {
"id": "CVE-2018-11763",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html",
"http://www.securityfocus.com/bid/105414",
"http://www.securitytracker.com/id/1041713",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20190204-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2018-1283": {
"id": "CVE-2018-1283",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/4",
"http://www.securityfocus.com/bid/103520",
"http://www.securitytracker.com/id/1040568",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/4",
"http://www.securityfocus.com/bid/103520",
"http://www.securitytracker.com/id/1040568",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2018-1301": {
"id": "CVE-2018-1301",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/2",
"http://www.securityfocus.com/bid/103515",
"http://www.securitytracker.com/id/1040573",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/2",
"http://www.securityfocus.com/bid/103515",
"http://www.securitytracker.com/id/1040573",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-119"
},
"CVE-2018-1302": {
"id": "CVE-2018-1302",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/5",
"http://www.securityfocus.com/bid/103528",
"http://www.securitytracker.com/id/1040567",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/5",
"http://www.securityfocus.com/bid/103528",
"http://www.securitytracker.com/id/1040567",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2018-1303": {
"id": "CVE-2018-1303",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/3",
"http://www.securityfocus.com/bid/103522",
"http://www.securitytracker.com/id/1040572",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/3",
"http://www.securityfocus.com/bid/103522",
"http://www.securitytracker.com/id/1040572",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2018-1312": {
"id": "CVE-2018-1312",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/7",
"http://www.securityfocus.com/bid/103524",
"http://www.securitytracker.com/id/1040571",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://access.redhat.com/errata/RHSA-2019:1898",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-287"
},
"CVE-2018-1333": {
"id": "CVE-2018-1333",
"references": [
"http://www.securitytracker.com/id/1041402",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180926-0007/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-400"
},
"CVE-2018-17189": {
"id": "CVE-2018-17189",
"references": [
"http://www.securityfocus.com/bid/106685",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-400"
},
"CVE-2018-17199": {
"id": "CVE-2018-17199",
"references": [
"http://www.securityfocus.com/bid/106742",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2019-09",
"http://www.securityfocus.com/bid/106742",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-384"
},
"CVE-2019-0196": {
"id": "CVE-2019-0196",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4.39",
"http://www.openwall.com/lists/oss-security/2019/04/02/1",
"http://www.securityfocus.com/bid/107669",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/97a1c58e138ed58a364513b58d807a802e72bf6079ff81a10948ef7c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRYD6JMEJ6O3JKJZFNOYXMJJU5JMEJK/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTJPHI3E3OKW7OT7COQXVG7DE7IDQ2OT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190617-0002/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-416"
},
"CVE-2019-0211": {
"id": "CVE-2019-0211",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html",
"http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html",
"http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4.39",
"http://www.openwall.com/lists/oss-security/2019/04/02/3",
"http://www.openwall.com/lists/oss-security/2019/07/26/7",
"http://www.securityfocus.com/bid/107666",
"https://access.redhat.com/errata/RHBA-2019:0959",
"https://access.redhat.com/errata/RHSA-2019:0746",
"https://access.redhat.com/errata/RHSA-2019:0980",
"https://access.redhat.com/errata/RHSA-2019:1296",
"https://access.redhat.com/errata/RHSA-2019:1297",
"https://access.redhat.com/errata/RHSA-2019:1543",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E",
"https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E",
"https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E",
"https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/16",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201904-20",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.f5.com/csp/article/K32957101",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.exploit-db.com/exploits/46676/",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.synology.com/security/advisory/Synology_SA_19_14"
],
"score": 7.8,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-416"
},
"CVE-2019-0217": {
"id": "CVE-2019-0217",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/5",
"http://www.securityfocus.com/bid/107668",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://bugzilla.redhat.com/show_bug.cgi?id=1695020",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/5",
"http://www.securityfocus.com/bid/107668",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://bugzilla.redhat.com/show_bug.cgi?id=1695020",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-362"
},
"CVE-2019-0220": {
"id": "CVE-2019-0220",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/6",
"http://www.securityfocus.com/bid/107670",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://access.redhat.com/errata/RHSA-2020:0250",
"https://access.redhat.com/errata/RHSA-2020:0251",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190625-0007/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/6",
"http://www.securityfocus.com/bid/107670",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://access.redhat.com/errata/RHSA-2020:0250",
"https://access.redhat.com/errata/RHSA-2020:0251",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190625-0007/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-706"
},
"CVE-2019-10081": {
"id": "CVE-2019-10081",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K84341091?utm_source=f5support&%3Butm_medium=RSS",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with \"H2PushResource\", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2019-10082": {
"id": "CVE-2019-10082",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-416"
},
"CVE-2019-10092": {
"id": "CVE-2019-10092",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"http://www.openwall.com/lists/oss-security/2019/08/15/4",
"http://www.openwall.com/lists/oss-security/2020/08/08/1",
"http://www.openwall.com/lists/oss-security/2020/08/08/9",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://seclists.org/bugtraq/2019/Oct/24",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K30442259",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"http://www.openwall.com/lists/oss-security/2019/08/15/4",
"http://www.openwall.com/lists/oss-security/2020/08/08/1",
"http://www.openwall.com/lists/oss-security/2020/08/08/9",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://seclists.org/bugtraq/2019/Oct/24",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K30442259",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.1,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-79"
},
"CVE-2019-10098": {
"id": "CVE-2019-10098",
"references": [
"http://www.openwall.com/lists/oss-security/2020/04/01/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://www.openwall.com/lists/oss-security/2020/04/01/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.1,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-601"
},
"CVE-2019-17567": {
"id": "CVE-2019-17567",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/2",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/2",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-444"
},
"CVE-2019-9517": {
"id": "CVE-2019-9517",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html",
"http://www.openwall.com/lists/oss-security/2019/08/15/7",
"https://access.redhat.com/errata/RHSA-2019:2893",
"https://access.redhat.com/errata/RHSA-2019:2925",
"https://access.redhat.com/errata/RHSA-2019:2939",
"https://access.redhat.com/errata/RHSA-2019:2946",
"https://access.redhat.com/errata/RHSA-2019:2949",
"https://access.redhat.com/errata/RHSA-2019:2950",
"https://access.redhat.com/errata/RHSA-2019:2955",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md",
"https://kb.cert.org/vuls/id/605641/",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10296",
"https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190823-0003/",
"https://security.netapp.com/advisory/ntap-20190823-0005/",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K02591030",
"https://support.f5.com/csp/article/K02591030?utm_source=f5support&%3Butm_medium=RSS",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.synology.com/security/advisory/Synology_SA_19_33"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2020-11993": {
"id": "CVE-2020-11993",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html",
"http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/",
"https://security.gentoo.org/glsa/202008-04",
"https://security.netapp.com/advisory/ntap-20200814-0005/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above \"info\" will mitigate this vulnerability for unpatched servers.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-444"
},
"CVE-2020-13938": {
"id": "CVE-2020-13938",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/3",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/3",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210702-0001/"
],
"score": 5.5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-862"
},
"CVE-2020-1927": {
"id": "CVE-2020-1927",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"http://www.openwall.com/lists/oss-security/2020/04/03/1",
"http://www.openwall.com/lists/oss-security/2020/04/04/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"http://www.openwall.com/lists/oss-security/2020/04/03/1",
"http://www.openwall.com/lists/oss-security/2020/04/04/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 6.1,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-601"
},
"CVE-2020-1934": {
"id": "CVE-2020-1934",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujul2020.html"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-908"
},
"CVE-2020-35452": {
"id": "CVE-2020-35452",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/5",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/5",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 7.3,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"weakness": "CWE-787"
},
"CVE-2020-9490": {
"id": "CVE-2020-9490",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html",
"http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0b6541c5fb2f8fb383861333400add7def625bc993300300de0b4f8d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r97d0faab6ed8fd0d439234b16d05d77b22a07b0c4817e7b3cca419cc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e485ce5a01c9dc3d4d785a7d28aa7400ead1e81884034ff1f03cfee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra4da876037477c06f2677d7a1e10b5a8613000fca99c813958070fe9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfed9fea918e090383da33e393eb6c2755fccf05032bd7d6eb4737c9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/",
"https://security.gentoo.org/glsa/202008-04",
"https://security.netapp.com/advisory/ntap-20200814-0005/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via \"H2Push off\" will mitigate this vulnerability for unpatched servers.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-444"
},
"CVE-2021-26690": {
"id": "CVE-2021-26690",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/6",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/6",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2021-26691": {
"id": "CVE-2021-26691",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/7",
"https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/7",
"https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-122"
},
"CVE-2021-33193": {
"id": "CVE-2021-33193",
"references": [
"https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c.patch",
"https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2023/03/msg00002.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSM6UWQICBJ2TU727RENU3HBKEAFLT6T/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUVJVRJRBW5QVX4OY3NOHZDQ3B3YOTSG/",
"https://portswigger.net/research/http2",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20210917-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "NVD-CWE-Other"
},
"CVE-2021-34798": {
"id": "CVE-2021-34798",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2021-39275": {
"id": "CVE-2021-39275",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2021-40438": {
"id": "CVE-2021-40438",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40438"
],
"score": 9,
"services": [
"80/http"
],
"severity": "critical",
"summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-918"
},
"CVE-2021-44224": {
"id": "CVE-2021-44224",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/3",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/3",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03"
],
"score": 8.2,
"services": [
"80/http"
],
"severity": "high",
"summary": "A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"weakness": "CWE-476"
},
"CVE-2021-44790": {
"id": "CVE-2021-44790",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2022-22719": {
"id": "CVE-2022-22719",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-665"
},
"CVE-2022-22720": {
"id": "CVE-2022-22720",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2022-22721": {
"id": "CVE-2022-22721",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"weakness": "CWE-190"
},
"CVE-2022-23943": {
"id": "CVE-2022-23943",
"references": [
"http://www.openwall.com/lists/oss-security/2022/03/14/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.tenable.com/security/tns-2022-08",
"https://www.tenable.com/security/tns-2022-09",
"http://www.openwall.com/lists/oss-security/2022/03/14/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.tenable.com/security/tns-2022-08",
"https://www.tenable.com/security/tns-2022-09"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-190"
},
"CVE-2022-26377": {
"id": "CVE-2022-26377",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-444"
},
"CVE-2022-28330": {
"id": "CVE-2022-28330",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-125"
},
"CVE-2022-28614": {
"id": "CVE-2022-28614",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-190"
},
"CVE-2022-28615": {
"id": "CVE-2022-28615",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-190"
},
"CVE-2022-29404": {
"id": "CVE-2022-29404",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2022-30556": {
"id": "CVE-2022-30556",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2022-31813": {
"id": "CVE-2022-31813",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-348"
},
"CVE-2022-36760": {
"id": "CVE-2022-36760",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 9,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2022-37436": {
"id": "CVE-2022-37436",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-113"
},
"CVE-2023-25690": {
"id": "CVE-2023-25690",
"references": [
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01",
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2023-31122": {
"id": "CVE-2023-31122",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2023-45802": {
"id": "CVE-2023-45802",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 5.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.nnThis was found by the reporter during testing ofxa0CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.nnUsers are recommended to upgrade to version 2.4.58, which fixes the issue.n",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2024-27316": {
"id": "CVE-2024-27316",
"references": [
"http://seclists.org/fulldisclosure/2024/Jul/18",
"http://www.openwall.com/lists/oss-security/2024/04/04/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://support.apple.com/kb/HT214119",
"https://www.openwall.com/lists/oss-security/2024/04/03/16",
"http://seclists.org/fulldisclosure/2024/Jul/18",
"http://www.openwall.com/lists/oss-security/2024/04/04/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/",
"https://security.netapp.com/advisory/ntap-20240415-0013/",
"https://support.apple.com/kb/HT214119",
"https://www.kb.cert.org/vuls/id/421644",
"https://www.openwall.com/lists/oss-security/2024/04/03/16"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2024-38474": {
"id": "CVE-2024-38474",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://www.openwall.com/lists/oss-security/2024/07/01/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-116"
},
"CVE-2024-38476": {
"id": "CVE-2024-38476",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://seclists.org/fulldisclosure/2024/Oct/11",
"http://www.openwall.com/lists/oss-security/2024/07/01/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-829"
},
"CVE-2024-38477": {
"id": "CVE-2024-38477",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://seclists.org/fulldisclosure/2024/Oct/11",
"http://www.openwall.com/lists/oss-security/2024/07/01/10",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2024-40898": {
"id": "CVE-2024-40898",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2024/07/17/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240808-0006/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue. ",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-918"
}
}
}