182.163.52.144
{
"scan_id": 1752318471,
"ip": "182.163.52.144",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "182.163.48.0/21",
"postal_code": "870-0831",
"coordinates": {
"latitude": "33.229",
"longitude": "131.6039"
},
"geo_point": "33.229, 131.6039",
"locale_code": "en",
"continent": "Asia",
"country_code": "JP",
"country_name": "Japan",
"city": "Ōita"
},
"location_updated_at": "2025-07-15T01:28:03Z",
"asn": {
"number": "AS10013",
"organization": "FreeBit Co.,Ltd.",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "182.163.48.0/20",
"organization": "FreeBit Co., Ltd.",
"descr": "FreeBit Co., Ltd.,\n13F E.Space Tower 3-6 Maruyama-cho,,\nShibuya-ku,Tokyo,Japan",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-12-09T19:04:38Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-07-15T01:28:03Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-07-15T06:49:35Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-07-15T01:28:03Z"
}
],
"hostnames": [
{
"name": "v-182-163-52-144.ub-freebit.net",
"last_updated_at": "2025-07-17T01:22:49.175620231Z"
}
],
"services": [
{
"port": 25,
"protocol": "tcp",
"name": "smtp",
"version": "",
"product": "Postfix smtpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:postfix:postfix",
"part": "a",
"vendor": "postfix",
"product": "postfix",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"smtp": {
"banner": "220-grasstor.z721.com ESMTP Postfix\r\n220 grasstor.z721.com ESMTP Postfix\r\n"
},
"tls": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://certificates.starfieldtech.com/repository/sf_intermediate.crt"
],
"ocsp_urls": [
"http://ocsp.starfieldtech.com/"
]
},
"authority_key_id": "494b5227d11bbcf2a1216a627b51427a8ad7d556",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"cps": [
"https://certs.starfieldtech.com/repository/"
],
"id": "2.16.840.1.114414.1.7.23.1"
}
],
"crl_distribution_points": [
"http://crl.starfieldtech.com/sfs1-3.crl"
],
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": true,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"ssl.z721.com",
"www.ssl.z721.com"
]
},
"subject_key_id": "4c2a1b79086d1978410342f5b2c6cf630675f626"
},
"fingerprint_md5": "298806855D2AD102822FB1C8CF3032BB",
"fingerprint_sha1": "9C7AD3B5F71A4CF53A753260ECC36B1A02B2951C",
"fingerprint_sha256": "0F585251699B10A547A7E3B9208560F62A75861931D9CDC2C127775E97D0B4DF",
"issuer": {
"common_name": [
"Starfield Secure Certification Authority"
],
"country": [
"US"
],
"locality": [
"Scottsdale"
],
"organization": [
"Starfield Technologies, Inc."
],
"organizational_unit": [
"http://certificates.starfieldtech.com/repository"
],
"province": [
"Arizona"
],
"serial_number": [
"10688435"
]
},
"issuer_dn": "/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http:\\/\\/certificates.starfieldtech.com\\/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435",
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "2176988956831063",
"signature": {
"algorithm": {
"name": "SHA1-RSA",
"oid": "1.2.840.113549.1.1.5"
},
"self_signed": false,
"value": "YmRmNjYyYTEwOThjYTA2ZDczZGJlZjAwZmRlMWFlZWMzMDE0ZDMxYzUzY2Q1ODY4MzZjNzcwNmUzNjUyMzY3ZmY0NjkzMzBiZTI0NzA3OGRkMzczMTFjZDY5MmRlYzM2MjZhOTcyY2M5Nzk3ZTU3ODJkZmM1OTcxOTdiM2I4NTQ5ZjcyMWVlMDUwM2QzN2U4OGVmYjc3Zjk3ZDNhY2I5MjMxYzk3MzA1OWQ1MWNmYWU5ZmEwY2JlM2UzYzQ5ZjI0MGM0NWFmYWE5NTMyODY1Yjg3ODAyZmQ3NWY0MmNhNGUzYmNkMjlmYTY1NWYyYTc5Y2I3NmE4MzU0OWNmYTYzMjkyMjg1OTE1NDEyMWVlOGIwMThhYWE2YWU4OWNlYWVlOTA1ZmIxZGM1NTEzNjgxZWVlZmMyOWNhYjJhOTg5YjU5MWU0MWYwMjBlNWNkOTM3NjI5MzQ1YjdkOWJmODYwNGYwYTgwZTA2ZTcwNmVkZjNjMDY1NzE3MjZjODBhYmIwYWUzMzY4YjBhNjI1OGZjZTAxNGRiNjZhMWQzN2EzM2RmZWZiNjdjZTc5YTA4NmE3MjlhZmFiZTM2OWM1ZGE0NDdlOGI2YzA5ZWI5ZTQwZDRmN2E0YTA5MjVjYTFhM2Y3MWYwMjQ4NGQ1YzljODNlNjA3MjQ1NDRlNzcwYjZmN2Q="
},
"subject": {
"common_name": [
"ssl.z721.com"
],
"organization": [
"ssl.z721.com"
],
"organizational_unit": [
"Domain Control Validated"
]
},
"subject_alt_name": {
"dns_names": [
"ssl.z721.com",
"www.ssl.z721.com"
],
"extended_dns_names": [
{
"domain": "z721",
"fld": "z721.com",
"subdomain": "ssl",
"tld": "com"
},
{
"domain": "z721",
"fld": "z721.com",
"subdomain": "www.ssl",
"tld": "com"
}
]
},
"subject_dn": "/O=ssl.z721.com/OU=Domain Control Validated/CN=ssl.z721.com",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "1a1f0179d951a8aaa05b093b0f2b5c845a079d53e388952f00fe8bdfe00086b1",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhkZjIwYjY0OTM0MTAzZjZhZTUzMTIxZDlkMzIwYWYzYTA0NTkxMzViNDc4YmQ5NWFkZjlmZmI1MWI4NTFkYWJmNTJmZGI3NGI0NGU1NmViNTBjNGQ3YmVlYTQxN2FlNjNmYTg1YjQ2NjZiODRiYjA4YzJiN2RiOGMxODNhM2Q2ZjQzYTUzMjZiZDhkYjNiYmEzYTc2MWFiNTM2OGZmZjk4ZTk4NWM3YmE2Y2QwMzM2MDBmY2I1ZDQ4NTcxOTQ0ZDYzNjVmOTc2ZmEyMTc4ZjgxYTAyOTNhMzhjMWMzNzVjOGVhZmFmMjY2YTAxNDk0ODRhOTFkNGE0NDhjNmJkY2M3ODMyMTIyNGFhMTYyYWQyYzg0ODIzZWU4ZDcyYmYwNWNiMTI2MjgzYjBlMWNlYWQyZWFmYWVhNDRmOTZkZjBjMTlhY2JlOWUxMmQ3NTg4M2IyNDEwMzU2Y2E0MzlmNGMxM2MxMmE3MDk5ZDY1MTM4ZDRjZDU5YzBlZmRhMzBjODgwZDlhOTY2OTRhNTg3YmVhYjYyNzI3MTA1NmM3MGQ1MDQ4NzljZDllMTU1N2E0ODA0NjdmM2Y5NDRlMTcwOGQwOWYzZTVhNDEyYjA2ZTdjNTgzOTI3MDY4NzE0MzRmMmEzNDc0NWUyNzhjN2M0ODQ4MTg0MGVjZTIyYzRmNzk1ZA=="
}
},
"tbs_fingerprint": "b92a6a4271997a94eb38c4a88dfc7293719ff8d44d7e6bbf8fc95379cd818801",
"validation_level": "OV",
"validity": {
"length_seconds": 33353512,
"not_after": "2011-12-18T16:10:21",
"not_before": "2010-11-27T15:18:28"
},
"version": 2
},
"fingerprint_sha256": "0F585251699B10A547A7E3B9208560F62A75861931D9CDC2C127775E97D0B4DF",
"precert": false,
"raw": "MIIFfzCCBGegAwIBAgIHB7v1vXOtVzANBgkqhkiG9w0BAQUFADCB3DELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOTA3BgNVBAsTMGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeTExMC8GA1UEAxMoU3RhcmZpZWxkIFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMTA2ODg0MzUwHhcNMTAxMTI3MTUxODI4WhcNMTExMjE4MTYxMDIxWjBRMRUwEwYDVQQKEwxzc2wuejcyMS5jb20xITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEVMBMGA1UEAxMMc3NsLno3MjEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yC2STQQP2rlMSHZ0yCvOgRZE1tHi9la35/7UbhR2r9S/bdLROVutQxNe+6kF65j+oW0ZmuEuwjCt9uMGDo9b0OlMmvY2zu6OnYatTaP/5jphce6bNAzYA/LXUhXGUTWNl+Xb6IXj4GgKTo4wcN1yOr68magFJSEqR1KRIxr3MeDISJKoWKtLISCPujXK/BcsSYoOw4c6tLq+upE+W3wwZrL6eEtdYg7JBA1bKQ59ME8EqcJnWUTjUzVnA79owyIDZqWaUpYe+q2JycQVscNUEh5zZ4VV6SARn8/lE4XCNCfPlpBKwbnxYOScGhxQ08qNHReJ4x8SEgYQOziLE95XQIDAQABo4IBzjCCAcowDwYDVR0TAQH/BAUwAwEBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuc3RhcmZpZWxkdGVjaC5jb20vc2ZzMS0zLmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W4BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHBzOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8wgY0GCCsGAQUFBwEBBIGAMH4wKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3NwLnN0YXJmaWVsZHRlY2guY29tLzBQBggrBgEFBQcwAoZEaHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAUSUtSJ9EbvPKhIWpie1FCeorX1VYwKQYDVR0RBCIwIIIMc3NsLno3MjEuY29tghB3d3cuc3NsLno3MjEuY29tMB0GA1UdDgQWBBRMKht5CG0ZeEEDQvWyxs9jBnX2JjANBgkqhkiG9w0BAQUFAAOCAQEAvfZioQmMoG1z2+8A/eGu7DAU0xxTzVhoNsdwbjZSNn/0aTML4kcHjdNzEc1pLew2JqlyzJeX5Xgt/Flxl7O4VJ9yHuBQPTfojvt3+X06y5IxyXMFnVHPrp+gy+PjxJ8kDEWvqpUyhluHgC/XX0LKTjvNKfplXyp5y3aoNUnPpjKSKFkVQSHuiwGKqmronOrukF+x3FUTaB7u/CnKsqmJtZHkHwIOXNk3YpNFt9m/hgTwqA4G5wbt88BlcXJsgKuwrjNosKYlj84BTbZqHTejPf77Z855oIanKa+r42nF2kR+i2wJ655A1PekoJJcoaP3HwJITVycg+YHJFROdwtvfQ==",
"tags": [
"ov",
"trusted"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-16T23:22:39.956Z"
},
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "2.4.6",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.4.6",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.4\\.6",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "v-182-163-52-144.ub-freebit.net\n",
"body_murmur": -806942839,
"body_sha256": "4d694306e44748753b019011b1e0afdc9d69f60ccd8c2f67989d4efa5deecbc3",
"component": [
"Apache HTTP Server:2.4.6"
],
"content_length": 32,
"headers": {
"accept_ranges": [
"bytes"
],
"content_length": [
"32"
],
"content_type": [
"text/html"
],
"date": [
"Tue, 08 Jul 2025 10:02:02 GMT"
],
"etag": [
"\"20-48c6e2bfaf1c0\""
],
"last_modified": [
"Wed, 28 Jul 2010 08:11:59 GMT"
],
"server": [
"Apache/2.4.6"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.163.52.144",
"path": "",
"scheme": "http"
}
},
"status_code": 200
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2013-4352",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2013-5704",
"score": 5,
"severity": "medium"
}
],
"url": "http://182.163.52.144/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-08T10:02:03.436Z"
},
{
"port": 110,
"protocol": "tcp",
"name": "pop3",
"version": "",
"product": "Dovecot pop3d",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:dovecot:dovecot",
"part": "a",
"vendor": "dovecot",
"product": "dovecot",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"pop3": {
"banner": "+OK Dovecot ready.\r\n"
},
"tls": {
"certificate": {
"extensions": {
"ns_cert_type": {
"ssl_server": true
}
},
"fingerprint_md5": "B441937CF37EE35CE3388FA4B1B01F83",
"fingerprint_sha1": "8259DEAE702237B7056A904F6577D5D8C51FB3BC",
"fingerprint_sha256": "8F020A555204F68DE53B0B2B62855157E39367FDACD275FF104AE9ADAF1DF1C6",
"issuer": {
"common_name": [
"imap.example.com"
],
"email_address": [
"[email protected]"
],
"organizational_unit": [
"IMAP server"
]
},
"issuer_dn": "/OU=IMAP server/CN=imap.example.com/[email protected]",
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "17846040814480198984",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": true,
"value": "OWM1NjVmY2MwODlmMmZhN2NlNDM5ZjNmZDgxMzI5NGE0ZjJmNjRlZGU5N2NlOTNhZjE0NGQwNmNiNjBlNTgzYWIwY2UxNmJiYjNiYmQwOWE3MWRiZmUwNDE2ZDA4NTJkOTA2YjJhMzI2ZDEyODk5NTI0ZDFlZTI2YTllOGZjZmMyNWZmNzRiNzViYTZkYWQ0MmNkOWI0M2YzNjJkOGYyZDc0YmQyMzIxZWNiMWQ3MzQ2OWNhY2I2NDA2MDczYjdjOTI2NDkyNTk5NWZjZTIxYTkwZWQ3ZTY2ZjYwMjU2MzAwOGE2OTA2Y2E4YmM2OGVlMWNlOGQ1N2Q3ODhjZDUwNg=="
},
"subject": {
"common_name": [
"imap.example.com"
],
"email_address": [
"[email protected]"
],
"organizational_unit": [
"IMAP server"
]
},
"subject_alt_name": {
"dns_names": [
"imap.example.com"
],
"extended_dns_names": [
{
"domain": "example",
"fld": "example.com",
"subdomain": "imap",
"tld": "com"
}
]
},
"subject_dn": "/OU=IMAP server/CN=imap.example.com/[email protected]",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "f1e7512d59a4e53163312c97a078ecce1958c8e39edcbc85e7a338ac1b3d5759",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 1024,
"modulus": "MHhkNzQ5YTM4MTc3OTY2ZDQzNzA1Njg4YzU0MjNiOWZjNTBlMGNlOGI5ZTVhNmZiMTAwMGRkZTRmM2I2YzNjNmMwM2YwZTY3N2IyZjc5NzMxYjc3NTg0ODhjOTM1NzE0ZDM1YmM1MmZjNDQyNjU1ZTA1OGMwNTRmYzRlYTM1OGRlOTM3MmZkNGIxOGM1ODQwNDA0M2QxYTI2ZDc5MjE3MzViZTEyMGQyNGFiM2M0NDQxOGVhZWZmODEwYjNkMzEyYTEwMjQwMWE1M2M2NWUxNTJhNjczOTM2YWYxZmE1OWNiZjQ4YTQxNTMzZDVjYTc1YWE4NGY3MTE5YzRmZmVjYzEx"
}
},
"tbs_fingerprint": "f2761fc73af8d6e9824b5f47f0323228845a65eb01ff90d214352f060c2bebbb",
"validation_level": "OV",
"validity": {
"length_seconds": 31536000,
"not_after": "2019-02-10T00:38:00",
"not_before": "2018-02-10T00:38:00"
},
"version": 2
},
"fingerprint_sha256": "8F020A555204F68DE53B0B2B62855157E39367FDACD275FF104AE9ADAF1DF1C6",
"precert": false,
"raw": "MIICQzCCAaygAwIBAgIJAPep35GCNw1IMA0GCSqGSIb3DQEBCwUAMFgxFDASBgNVBAsMC0lNQVAgc2VydmVyMRkwFwYDVQQDDBBpbWFwLmV4YW1wbGUuY29tMSUwIwYJKoZIhvcNAQkBFhZwb3N0bWFzdGVyQGV4YW1wbGUuY29tMB4XDTE4MDIxMDAwMzgwMFoXDTE5MDIxMDAwMzgwMFowWDEUMBIGA1UECwwLSU1BUCBzZXJ2ZXIxGTAXBgNVBAMMEGltYXAuZXhhbXBsZS5jb20xJTAjBgkqhkiG9w0BCQEWFnBvc3RtYXN0ZXJAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdJo4F3lm1DcFaIxUI7n8UODOi55ab7EADd5PO2w8bAPw5ney95cxt3WEiMk1cU01vFL8RCZV4FjAVPxOo1jek3L9SxjFhAQEPRom15IXNb4SDSSrPERBjq7/gQs9MSoQJAGlPGXhUqZzk2rx+lnL9IpBUz1cp1qoT3EZxP/swRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOBgQCcVl/MCJ8vp85Dnz/YEylKTy9k7el86TrxRNBstg5YOrDOFruzu9Cacdv+BBbQhS2QayoybRKJlSTR7iap6Pz8Jf90t1um2tQs2bQ/Ni2PLXS9IyHssdc0acrLZAYHO3ySZJJZlfziGpDtfmb2AlYwCKaQbKi8aO4c6NV9eIzVBg==",
"tags": [
"ov",
"self_signed",
"root"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-17T00:15:57.052Z"
},
{
"port": 143,
"protocol": "tcp",
"name": "imap",
"version": "",
"product": "Dovecot imapd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:dovecot:dovecot",
"part": "a",
"vendor": "dovecot",
"product": "dovecot",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"imap": {
"banner": "* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.\r\n"
},
"tls": {
"certificate": {
"extensions": {
"ns_cert_type": {
"ssl_server": true
}
},
"fingerprint_md5": "B441937CF37EE35CE3388FA4B1B01F83",
"fingerprint_sha1": "8259DEAE702237B7056A904F6577D5D8C51FB3BC",
"fingerprint_sha256": "8F020A555204F68DE53B0B2B62855157E39367FDACD275FF104AE9ADAF1DF1C6",
"issuer": {
"common_name": [
"imap.example.com"
],
"email_address": [
"[email protected]"
],
"organizational_unit": [
"IMAP server"
]
},
"issuer_dn": "/OU=IMAP server/CN=imap.example.com/[email protected]",
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "17846040814480198984",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": true,
"value": "OWM1NjVmY2MwODlmMmZhN2NlNDM5ZjNmZDgxMzI5NGE0ZjJmNjRlZGU5N2NlOTNhZjE0NGQwNmNiNjBlNTgzYWIwY2UxNmJiYjNiYmQwOWE3MWRiZmUwNDE2ZDA4NTJkOTA2YjJhMzI2ZDEyODk5NTI0ZDFlZTI2YTllOGZjZmMyNWZmNzRiNzViYTZkYWQ0MmNkOWI0M2YzNjJkOGYyZDc0YmQyMzIxZWNiMWQ3MzQ2OWNhY2I2NDA2MDczYjdjOTI2NDkyNTk5NWZjZTIxYTkwZWQ3ZTY2ZjYwMjU2MzAwOGE2OTA2Y2E4YmM2OGVlMWNlOGQ1N2Q3ODhjZDUwNg=="
},
"subject": {
"common_name": [
"imap.example.com"
],
"email_address": [
"[email protected]"
],
"organizational_unit": [
"IMAP server"
]
},
"subject_alt_name": {
"dns_names": [
"imap.example.com"
],
"extended_dns_names": [
{
"domain": "example",
"fld": "example.com",
"subdomain": "imap",
"tld": "com"
}
]
},
"subject_dn": "/OU=IMAP server/CN=imap.example.com/[email protected]",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "f1e7512d59a4e53163312c97a078ecce1958c8e39edcbc85e7a338ac1b3d5759",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 1024,
"modulus": "MHhkNzQ5YTM4MTc3OTY2ZDQzNzA1Njg4YzU0MjNiOWZjNTBlMGNlOGI5ZTVhNmZiMTAwMGRkZTRmM2I2YzNjNmMwM2YwZTY3N2IyZjc5NzMxYjc3NTg0ODhjOTM1NzE0ZDM1YmM1MmZjNDQyNjU1ZTA1OGMwNTRmYzRlYTM1OGRlOTM3MmZkNGIxOGM1ODQwNDA0M2QxYTI2ZDc5MjE3MzViZTEyMGQyNGFiM2M0NDQxOGVhZWZmODEwYjNkMzEyYTEwMjQwMWE1M2M2NWUxNTJhNjczOTM2YWYxZmE1OWNiZjQ4YTQxNTMzZDVjYTc1YWE4NGY3MTE5YzRmZmVjYzEx"
}
},
"tbs_fingerprint": "f2761fc73af8d6e9824b5f47f0323228845a65eb01ff90d214352f060c2bebbb",
"validation_level": "OV",
"validity": {
"length_seconds": 31536000,
"not_after": "2019-02-10T00:38:00",
"not_before": "2018-02-10T00:38:00"
},
"version": 2
},
"fingerprint_sha256": "8F020A555204F68DE53B0B2B62855157E39367FDACD275FF104AE9ADAF1DF1C6",
"precert": false,
"raw": "MIICQzCCAaygAwIBAgIJAPep35GCNw1IMA0GCSqGSIb3DQEBCwUAMFgxFDASBgNVBAsMC0lNQVAgc2VydmVyMRkwFwYDVQQDDBBpbWFwLmV4YW1wbGUuY29tMSUwIwYJKoZIhvcNAQkBFhZwb3N0bWFzdGVyQGV4YW1wbGUuY29tMB4XDTE4MDIxMDAwMzgwMFoXDTE5MDIxMDAwMzgwMFowWDEUMBIGA1UECwwLSU1BUCBzZXJ2ZXIxGTAXBgNVBAMMEGltYXAuZXhhbXBsZS5jb20xJTAjBgkqhkiG9w0BCQEWFnBvc3RtYXN0ZXJAZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdJo4F3lm1DcFaIxUI7n8UODOi55ab7EADd5PO2w8bAPw5ney95cxt3WEiMk1cU01vFL8RCZV4FjAVPxOo1jek3L9SxjFhAQEPRom15IXNb4SDSSrPERBjq7/gQs9MSoQJAGlPGXhUqZzk2rx+lnL9IpBUz1cp1qoT3EZxP/swRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQsFAAOBgQCcVl/MCJ8vp85Dnz/YEylKTy9k7el86TrxRNBstg5YOrDOFruzu9Cacdv+BBbQhS2QayoybRKJlSTR7iap6Pz8Jf90t1um2tQs2bQ/Ni2PLXS9IyHssdc0acrLZAYHO3ySZJJZlfziGpDtfmb2AlYwCKaQbKi8aO4c6NV9eIzVBg==",
"tags": [
"ov",
"self_signed",
"root"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-16T17:02:05.509Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "http",
"version": "2.4.6",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.4.6",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.4\\.6",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "v-182-163-52-144.ub-freebit.net\n",
"body_murmur": -806942839,
"body_sha256": "4d694306e44748753b019011b1e0afdc9d69f60ccd8c2f67989d4efa5deecbc3",
"component": [
"Apache HTTP Server:2.4.6"
],
"content_length": 32,
"headers": {
"accept_ranges": [
"bytes"
],
"content_length": [
"32"
],
"content_type": [
"text/html"
],
"date": [
"Wed, 16 Jul 2025 03:40:08 GMT"
],
"etag": [
"\"20-48c6e2bfaf1c0\""
],
"last_modified": [
"Wed, 28 Jul 2010 08:11:59 GMT"
],
"server": [
"Apache/2.4.6"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.163.52.144",
"path": "",
"scheme": "https"
}
},
"status_code": 200
},
"tls": {
"certificate": {
"extensions": {
"basic_constraints": {
"is_ca": true
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true,
"non_repudiation": true
}
},
"fingerprint_md5": "58FE1818C165D5E3EA0D3B6C456B9A14",
"fingerprint_sha1": "3E20B3EFA28C91E807726CE0E9679D708790A07B",
"fingerprint_sha256": "F9E430100BC4E112DA828D9B8DFE65A7F2DB12016A11014E9267881FFDAB7AA7",
"issuer": {
"common_name": [
"centos-7-x86_64-simple"
],
"country": [
"--"
],
"email_address": [
"root@centos-7-x86_64-simple"
],
"locality": [
"SomeCity"
],
"organization": [
"SomeOrganization"
],
"organizational_unit": [
"SomeOrganizationalUnit"
],
"province": [
"SomeState"
]
},
"issuer_dn": "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=centos-7-x86_64-simple/emailAddress=root@centos-7-x86_64-simple",
"jarm": "05d10d20d21d20d05c05d10d05d20d74fcf6501ae7a92319e575bfafd2a827",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "25531",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": true,
"value": "M2M3MDQ5NWFjNDM5MDVmNmNmYTViMmRiNDUwYjMzNTQ4Mjg1NGE2ZjcxMGEyODVjMGI0YzNkYzRiYTAyNzBjNDczZTI0YzNkOWFkMWNlNjdmZDg4YjlmODc0ZTE1NTE1MDc2ZmMwNGRhY2M2ZmJhM2YzNjdhOWQ1MWEwY2UxNmMzNmMwMDI3MTk4YTBhYjBjYzczYjNhMGUwOTg0MjAxMmEzMTIyMzQ4ZWZjOWIxN2NlMzY5YmY3YmFlNzU0Njc3MGQyMjM3MzQ5YTRlYjQ0NjFlOWQ0YTIyZDRkNmUyMGM5ZDdjYjZkZjNkODI2Nzg1MDMxODVmMDQ1ZTM3YzM4ZTZhYWEwZWYyZjE1ZDc0ZWE5NTllMWYzY2Q2MWRmYTg1NGMzNzMxNjRiMjA1MDI2OTA1NjJhOWFjZWNmNDUzMzQwZDA4YTBkMTU5NzkxNmU3NDY1OGJkNTlkZTk3MWQ2M2NiYzI5NDg5NWZiNzc4YzI2NjQ4YmU0YmY3ZGU0ZGQ3ZjMxN2I0NTZkMWNjZTkyZjc1ODBjODhmMGUyMzRmZDlkODY4NGM3NTE1ZDNlZmQxYWQxNWI1ZGY1NjhiMDQwNmZmMjg4NjFhZTUwZWQ4MWExMmE5YmFiMDcxYzgwOTk1MTkwYjY0Y2NlOWUxYjU5YzdiMWI5YzI1MjIxMDM0MjU="
},
"subject": {
"common_name": [
"centos-7-x86_64-simple"
],
"country": [
"--"
],
"email_address": [
"root@centos-7-x86_64-simple"
],
"locality": [
"SomeCity"
],
"organization": [
"SomeOrganization"
],
"organizational_unit": [
"SomeOrganizationalUnit"
],
"province": [
"SomeState"
]
},
"subject_alt_name": {
"dns_names": [
"centos-7-x86_64-simple"
],
"extended_dns_names": []
},
"subject_dn": "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=centos-7-x86_64-simple/emailAddress=root@centos-7-x86_64-simple",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "fce7e4fd7129fac774e9a2d95fbba1ce36c83f8ebfe6b10ae97718fe91f3ff38",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhiZWU3MWQ3ODdhZDVkYjU5ZjViMjNjYTc0ODJmYjkyNTkwOWQ4MzM1ZWVhNzkzZDFiNzk1MjZmYWVmZjJiZTBiZDU4MjBjNmM4MzUzNTY1NmNhYmEzYjUzYmQ2Y2RkYTc5ZTcwZWViZDA0NzBhMDQ4NTU3NDlhZGI2ZDJmNDRkZjAxMDQ2MTYzNzllYjdkZTIzZmJhOTJkNGQ0OTJlMTFiYmJlZDBhNzc5Nzc0MDE4Nzg1NTU1MTk5ZDMwMTUwNjc0NDg5NWZiOWI5NDQxMjNlYjM5NzRiNWQ5ZjI0YmNmNjZhNjUyNDQyZTJiOTM4MTQxZDA3MDM3YWIzNGQ3OWJjNDJlMTYyYmQ2MDNkNzYyZWI0ODFlYjdiZWM5NDkwYTljNmE3YmM5YmI1MzZlZDY0Nzg1MmZjZDhjYjViMzAyYzc1YzE3NzRjY2UyYWExOGM1M2FjZTk5YzZmZjY2MDQxMWEyNDFjNWY1ZTc2NmNhOWMwODMwMjQ2ZjU1OTE1OTJlMmVjZTE2OWVmODFjOGVkMjRlMDJlNTlhM2I2ZTE2YzM5Njg5NzA1NzEwYzUyNGQzMmU3ZDEwOGRjNTBlOTE4NWQ2NjljNzk2Y2Y5YWJjMTA0ODE4OWFlYzY4YWRjMTk1M2FiMjZmZDkyMmIwMGQxYWYxMTk2MmE3MGM4M2Y5OQ=="
}
},
"tbs_fingerprint": "d4b739b276236aabae820651253c83cb8bb561c35f2d138d1b6d953d95ee9129",
"validation_level": "OV",
"validity": {
"length_seconds": 31536000,
"not_after": "2015-09-09T05:48:41",
"not_before": "2014-09-09T05:48:41"
},
"version": 2
},
"fingerprint_sha256": "F9E430100BC4E112DA828D9B8DFE65A7F2DB12016A11014E9267881FFDAB7AA7",
"precert": false,
"raw": "MIIEEjCCAvqgAwIBAgICY7swDQYJKoZIhvcNAQELBQAwgb0xCzAJBgNVBAYTAi0tMRIwEAYDVQQIDAlTb21lU3RhdGUxETAPBgNVBAcMCFNvbWVDaXR5MRkwFwYDVQQKDBBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZTb21lT3JnYW5pemF0aW9uYWxVbml0MR8wHQYDVQQDDBZjZW50b3MtNy14ODZfNjQtc2ltcGxlMSowKAYJKoZIhvcNAQkBFhtyb290QGNlbnRvcy03LXg4Nl82NC1zaW1wbGUwHhcNMTQwOTA5MDU0ODQxWhcNMTUwOTA5MDU0ODQxWjCBvTELMAkGA1UEBhMCLS0xEjAQBgNVBAgMCVNvbWVTdGF0ZTERMA8GA1UEBwwIU29tZUNpdHkxGTAXBgNVBAoMEFNvbWVPcmdhbml6YXRpb24xHzAdBgNVBAsMFlNvbWVPcmdhbml6YXRpb25hbFVuaXQxHzAdBgNVBAMMFmNlbnRvcy03LXg4Nl82NC1zaW1wbGUxKjAoBgkqhkiG9w0BCQEWG3Jvb3RAY2VudG9zLTcteDg2XzY0LXNpbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7nHXh61dtZ9bI8p0gvuSWQnYM17qeT0beVJvrv8r4L1YIMbINTVlbKujtTvWzdp55w7r0EcKBIVXSa220vRN8BBGFjeet94j+6ktTUkuEbu+0Kd5d0AYeFVVGZ0wFQZ0SJX7m5RBI+s5dLXZ8kvPZqZSRC4rk4FB0HA3qzTXm8QuFivWA9di60get77JSQqcanvJu1Nu1keFL82MtbMCx1wXdMziqhjFOs6Zxv9mBBGiQcX152bKnAgwJG9VkVkuLs4WnvgcjtJOAuWaO24Ww5aJcFcQxSTTLn0QjcUOkYXWaceWz5q8EEgYmuxorcGVOrJv2SKwDRrxGWKnDIP5kCAwEAAaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggEBADxwSVrEOQX2z6Wy20ULM1SChUpvcQooXAtMPcS6AnDEc+JMPZrRzmf9iLn4dOFVFQdvwE2sxvuj82ep1RoM4Ww2wAJxmKCrDMc7Og4JhCASoxIjSO/JsXzjab97rnVGdw0iNzSaTrRGHp1KItTW4gydfLbfPYJnhQMYXwReN8OOaqoO8vFddOqVnh881h36hUw3MWSyBQJpBWKprOz0UzQNCKDRWXkW50ZYvVnelx1jy8KUiV+3eMJmSL5L995N1/MXtFbRzOkvdYDIjw4jT9nYaEx1FdPv0a0Vtd9WiwQG/yiGGuUO2BoSqbqwccgJlRkLZMzp4bWcexucJSIQNCU=",
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2013-4352",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2013-5704",
"score": 5,
"severity": "medium"
}
],
"url": "https://182.163.52.144/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-16T03:40:13.783Z"
},
{
"port": 587,
"protocol": "tcp",
"name": "smtp",
"version": "",
"product": "Postfix smtpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:postfix:postfix",
"part": "a",
"vendor": "postfix",
"product": "postfix",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"smtp": {
"banner": "220 grasstor.z721.com ESMTP Postfix\r\n"
},
"tls": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://certificates.starfieldtech.com/repository/sf_intermediate.crt"
],
"ocsp_urls": [
"http://ocsp.starfieldtech.com/"
]
},
"authority_key_id": "494b5227d11bbcf2a1216a627b51427a8ad7d556",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"cps": [
"https://certs.starfieldtech.com/repository/"
],
"id": "2.16.840.1.114414.1.7.23.1"
}
],
"crl_distribution_points": [
"http://crl.starfieldtech.com/sfs1-3.crl"
],
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": true,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"ssl.z721.com",
"www.ssl.z721.com"
]
},
"subject_key_id": "4c2a1b79086d1978410342f5b2c6cf630675f626"
},
"fingerprint_md5": "298806855D2AD102822FB1C8CF3032BB",
"fingerprint_sha1": "9C7AD3B5F71A4CF53A753260ECC36B1A02B2951C",
"fingerprint_sha256": "0F585251699B10A547A7E3B9208560F62A75861931D9CDC2C127775E97D0B4DF",
"issuer": {
"common_name": [
"Starfield Secure Certification Authority"
],
"country": [
"US"
],
"locality": [
"Scottsdale"
],
"organization": [
"Starfield Technologies, Inc."
],
"organizational_unit": [
"http://certificates.starfieldtech.com/repository"
],
"province": [
"Arizona"
],
"serial_number": [
"10688435"
]
},
"issuer_dn": "/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http:\\/\\/certificates.starfieldtech.com\\/repository/CN=Starfield Secure Certification Authority/serialNumber=10688435",
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "2176988956831063",
"signature": {
"algorithm": {
"name": "SHA1-RSA",
"oid": "1.2.840.113549.1.1.5"
},
"self_signed": false,
"value": "YmRmNjYyYTEwOThjYTA2ZDczZGJlZjAwZmRlMWFlZWMzMDE0ZDMxYzUzY2Q1ODY4MzZjNzcwNmUzNjUyMzY3ZmY0NjkzMzBiZTI0NzA3OGRkMzczMTFjZDY5MmRlYzM2MjZhOTcyY2M5Nzk3ZTU3ODJkZmM1OTcxOTdiM2I4NTQ5ZjcyMWVlMDUwM2QzN2U4OGVmYjc3Zjk3ZDNhY2I5MjMxYzk3MzA1OWQ1MWNmYWU5ZmEwY2JlM2UzYzQ5ZjI0MGM0NWFmYWE5NTMyODY1Yjg3ODAyZmQ3NWY0MmNhNGUzYmNkMjlmYTY1NWYyYTc5Y2I3NmE4MzU0OWNmYTYzMjkyMjg1OTE1NDEyMWVlOGIwMThhYWE2YWU4OWNlYWVlOTA1ZmIxZGM1NTEzNjgxZWVlZmMyOWNhYjJhOTg5YjU5MWU0MWYwMjBlNWNkOTM3NjI5MzQ1YjdkOWJmODYwNGYwYTgwZTA2ZTcwNmVkZjNjMDY1NzE3MjZjODBhYmIwYWUzMzY4YjBhNjI1OGZjZTAxNGRiNjZhMWQzN2EzM2RmZWZiNjdjZTc5YTA4NmE3MjlhZmFiZTM2OWM1ZGE0NDdlOGI2YzA5ZWI5ZTQwZDRmN2E0YTA5MjVjYTFhM2Y3MWYwMjQ4NGQ1YzljODNlNjA3MjQ1NDRlNzcwYjZmN2Q="
},
"subject": {
"common_name": [
"ssl.z721.com"
],
"organization": [
"ssl.z721.com"
],
"organizational_unit": [
"Domain Control Validated"
]
},
"subject_alt_name": {
"dns_names": [
"ssl.z721.com",
"www.ssl.z721.com"
],
"extended_dns_names": [
{
"domain": "z721",
"fld": "z721.com",
"subdomain": "ssl",
"tld": "com"
},
{
"domain": "z721",
"fld": "z721.com",
"subdomain": "www.ssl",
"tld": "com"
}
]
},
"subject_dn": "/O=ssl.z721.com/OU=Domain Control Validated/CN=ssl.z721.com",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "1a1f0179d951a8aaa05b093b0f2b5c845a079d53e388952f00fe8bdfe00086b1",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhkZjIwYjY0OTM0MTAzZjZhZTUzMTIxZDlkMzIwYWYzYTA0NTkxMzViNDc4YmQ5NWFkZjlmZmI1MWI4NTFkYWJmNTJmZGI3NGI0NGU1NmViNTBjNGQ3YmVlYTQxN2FlNjNmYTg1YjQ2NjZiODRiYjA4YzJiN2RiOGMxODNhM2Q2ZjQzYTUzMjZiZDhkYjNiYmEzYTc2MWFiNTM2OGZmZjk4ZTk4NWM3YmE2Y2QwMzM2MDBmY2I1ZDQ4NTcxOTQ0ZDYzNjVmOTc2ZmEyMTc4ZjgxYTAyOTNhMzhjMWMzNzVjOGVhZmFmMjY2YTAxNDk0ODRhOTFkNGE0NDhjNmJkY2M3ODMyMTIyNGFhMTYyYWQyYzg0ODIzZWU4ZDcyYmYwNWNiMTI2MjgzYjBlMWNlYWQyZWFmYWVhNDRmOTZkZjBjMTlhY2JlOWUxMmQ3NTg4M2IyNDEwMzU2Y2E0MzlmNGMxM2MxMmE3MDk5ZDY1MTM4ZDRjZDU5YzBlZmRhMzBjODgwZDlhOTY2OTRhNTg3YmVhYjYyNzI3MTA1NmM3MGQ1MDQ4NzljZDllMTU1N2E0ODA0NjdmM2Y5NDRlMTcwOGQwOWYzZTVhNDEyYjA2ZTdjNTgzOTI3MDY4NzE0MzRmMmEzNDc0NWUyNzhjN2M0ODQ4MTg0MGVjZTIyYzRmNzk1ZA=="
}
},
"tbs_fingerprint": "b92a6a4271997a94eb38c4a88dfc7293719ff8d44d7e6bbf8fc95379cd818801",
"validation_level": "OV",
"validity": {
"length_seconds": 33353512,
"not_after": "2011-12-18T16:10:21",
"not_before": "2010-11-27T15:18:28"
},
"version": 2
},
"fingerprint_sha256": "0F585251699B10A547A7E3B9208560F62A75861931D9CDC2C127775E97D0B4DF",
"precert": false,
"raw": "MIIFfzCCBGegAwIBAgIHB7v1vXOtVzANBgkqhkiG9w0BAQUFADCB3DELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOTA3BgNVBAsTMGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeTExMC8GA1UEAxMoU3RhcmZpZWxkIFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMTA2ODg0MzUwHhcNMTAxMTI3MTUxODI4WhcNMTExMjE4MTYxMDIxWjBRMRUwEwYDVQQKEwxzc2wuejcyMS5jb20xITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEVMBMGA1UEAxMMc3NsLno3MjEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yC2STQQP2rlMSHZ0yCvOgRZE1tHi9la35/7UbhR2r9S/bdLROVutQxNe+6kF65j+oW0ZmuEuwjCt9uMGDo9b0OlMmvY2zu6OnYatTaP/5jphce6bNAzYA/LXUhXGUTWNl+Xb6IXj4GgKTo4wcN1yOr68magFJSEqR1KRIxr3MeDISJKoWKtLISCPujXK/BcsSYoOw4c6tLq+upE+W3wwZrL6eEtdYg7JBA1bKQ59ME8EqcJnWUTjUzVnA79owyIDZqWaUpYe+q2JycQVscNUEh5zZ4VV6SARn8/lE4XCNCfPlpBKwbnxYOScGhxQ08qNHReJ4x8SEgYQOziLE95XQIDAQABo4IBzjCCAcowDwYDVR0TAQH/BAUwAwEBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuc3RhcmZpZWxkdGVjaC5jb20vc2ZzMS0zLmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W4BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHBzOi8vY2VydHMuc3RhcmZpZWxkdGVjaC5jb20vcmVwb3NpdG9yeS8wgY0GCCsGAQUFBwEBBIGAMH4wKgYIKwYBBQUHMAGGHmh0dHA6Ly9vY3NwLnN0YXJmaWVsZHRlY2guY29tLzBQBggrBgEFBQcwAoZEaHR0cDovL2NlcnRpZmljYXRlcy5zdGFyZmllbGR0ZWNoLmNvbS9yZXBvc2l0b3J5L3NmX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAUSUtSJ9EbvPKhIWpie1FCeorX1VYwKQYDVR0RBCIwIIIMc3NsLno3MjEuY29tghB3d3cuc3NsLno3MjEuY29tMB0GA1UdDgQWBBRMKht5CG0ZeEEDQvWyxs9jBnX2JjANBgkqhkiG9w0BAQUFAAOCAQEAvfZioQmMoG1z2+8A/eGu7DAU0xxTzVhoNsdwbjZSNn/0aTML4kcHjdNzEc1pLew2JqlyzJeX5Xgt/Flxl7O4VJ9yHuBQPTfojvt3+X06y5IxyXMFnVHPrp+gy+PjxJ8kDEWvqpUyhluHgC/XX0LKTjvNKfplXyp5y3aoNUnPpjKSKFkVQSHuiwGKqmronOrukF+x3FUTaB7u/CnKsqmJtZHkHwIOXNk3YpNFt9m/hgTwqA4G5wbt88BlcXJsgKuwrjNosKYlj84BTbZqHTejPf77Z855oIanKa+r42nF2kR+i2wJ655A1PekoJJcoaP3HwJITVycg+YHJFROdwtvfQ==",
"tags": [
"ov",
"trusted"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-13T20:38:52.938Z"
},
{
"port": 993,
"protocol": "tcp",
"name": "imap",
"version": "2.0.11",
"product": "Dovecot imapd",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:dovecot:dovecot:2.0.11",
"part": "a",
"vendor": "dovecot",
"product": "dovecot",
"version": "2\\.0\\.11",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"cve": [
{
"id": "CVE-2011-1929",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-2011-2166",
"score": 6.5,
"severity": "medium"
},
{
"id": "CVE-2011-2167",
"score": 6.5,
"severity": "medium"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-12T16:12:23.952Z"
},
{
"port": 995,
"protocol": "tcp",
"name": "pop3",
"version": "",
"product": "Dovecot pop3d",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:dovecot:dovecot",
"part": "a",
"vendor": "dovecot",
"product": "dovecot",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-07-16T08:09:19.287Z"
}
],
"services_hash": "c0909ad6fcfe80c381ac43bd704e871978848db63067dd6d28ea4cad8533f5ed",
"last_updated_at": "2025-07-17T00:15:57.052Z",
"banner": [
"smtp",
"tls",
"pop3",
"imap",
"http"
],
"is_vuln": true,
"cveDetails": {
"CVE-2006-20001": {
"id": "CVE-2006-20001",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://security.netapp.com/advisory/ntap-20230316-0005/"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2011-1929": {
"id": "CVE-2011-1929",
"references": [
"http://dovecot.org/pipermail/dovecot/2011-May/059085.html",
"http://dovecot.org/pipermail/dovecot/2011-May/059086.html",
"http://hg.dovecot.org/dovecot-1.1/rev/3698dfe0f21c",
"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061384.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060815.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060825.html",
"http://openwall.com/lists/oss-security/2011/05/18/4",
"http://openwall.com/lists/oss-security/2011/05/19/3",
"http://openwall.com/lists/oss-security/2011/05/19/6",
"http://osvdb.org/72495",
"http://secunia.com/advisories/44683",
"http://secunia.com/advisories/44712",
"http://secunia.com/advisories/44756",
"http://secunia.com/advisories/44771",
"http://secunia.com/advisories/44827",
"http://www.debian.org/security/2011/dsa-2252",
"http://www.dovecot.org/doc/NEWS-1.2",
"http://www.dovecot.org/doc/NEWS-2.0",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:101",
"http://www.redhat.com/support/errata/RHSA-2011-1187.html",
"http://www.securityfocus.com/bid/47930",
"http://www.ubuntu.com/usn/USN-1143-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=706286",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/67589",
"https://hermes.opensuse.org/messages/8581790"
],
"score": 5,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2011-2166": {
"id": "CVE-2011-2166",
"references": [
"http://dovecot.org/pipermail/dovecot/2011-May/059085.html",
"http://openwall.com/lists/oss-security/2011/05/18/4",
"http://rhn.redhat.com/errata/RHSA-2013-0520.html",
"http://secunia.com/advisories/52311",
"http://www.dovecot.org/doc/NEWS-2.0",
"http://www.securityfocus.com/bid/48003",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/67675"
],
"score": 6.5,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.",
"vector_string": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"weakness": "CWE-16"
},
"CVE-2011-2167": {
"id": "CVE-2011-2167",
"references": [
"http://dovecot.org/pipermail/dovecot/2011-May/059085.html",
"http://openwall.com/lists/oss-security/2011/05/18/4",
"http://rhn.redhat.com/errata/RHSA-2013-0520.html",
"http://secunia.com/advisories/52311",
"http://www.dovecot.org/doc/NEWS-2.0",
"http://www.securityfocus.com/bid/48003",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/67674"
],
"score": 6.5,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.",
"vector_string": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"weakness": "CWE-22"
},
"CVE-2011-4318": {
"id": "CVE-2011-4318",
"references": [
"http://hg.dovecot.org/dovecot-2.0/rev/5e9eaf63a6b1",
"http://rhn.redhat.com/errata/RHSA-2013-0520.html",
"http://secunia.com/advisories/46886",
"http://secunia.com/advisories/52311",
"http://www.dovecot.org/list/dovecot-news/2011-November/000200.html",
"http://www.openwall.com/lists/oss-security/2011/11/18/5",
"http://www.openwall.com/lists/oss-security/2011/11/18/7",
"https://bugs.gentoo.org/show_bug.cgi?id=390887",
"https://bugzilla.redhat.com/show_bug.cgi?id=754980"
],
"score": 5.8,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"weakness": "CWE-20"
},
"CVE-2013-2111": {
"id": "CVE-2013-2111",
"references": [
"http://secunia.com/advisories/53492",
"http://www.dovecot.org/list/dovecot-news/2013-May/000255.html",
"http://www.openwall.com/lists/oss-security/2013/05/24/1",
"http://www.securitytracker.com/id/1028585"
],
"score": 5,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2013-4352": {
"id": "CVE-2013-4352",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c?r1=1491564&r2=1523235&diff_format=h",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120604",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-Other"
},
"CVE-2013-5704": {
"id": "CVE-2013-5704",
"references": [
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://martin.swende.se/blog/HTTPChunked.html",
"http://rhn.redhat.com/errata/RHSA-2015-0325.html",
"http://rhn.redhat.com/errata/RHSA-2015-1249.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:174",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/66550",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://support.apple.com/HT205219",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://martin.swende.se/blog/HTTPChunked.html",
"http://rhn.redhat.com/errata/RHSA-2015-0325.html",
"http://rhn.redhat.com/errata/RHSA-2015-1249.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:174",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/66550",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://support.apple.com/HT205219"
],
"score": 5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2013-6171": {
"id": "CVE-2013-6171",
"references": [
"http://cpanel.net/tsr-2013-0010-full-disclosure/",
"http://secunia.com/advisories/54808",
"http://wiki2.dovecot.org/AuthDatabase/CheckPassword#Security",
"http://www.dovecot.org/list/dovecot-news/2013-November/000264.html",
"https://usn.ubuntu.com/3556-2/"
],
"score": 5.8,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"weakness": "CWE-287"
},
"CVE-2013-6438": {
"id": "CVE-2013-6438",
"references": [
"http://advisories.mageia.org/MGASA-2014-0135.html",
"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/58230",
"http://secunia.com/advisories/59315",
"http://secunia.com/advisories/59345",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718&r2=1556428&diff_format=h",
"http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"http://www.apache.org/dist/httpd/CHANGES_2.4.9",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/66303",
"http://www.ubuntu.com/usn/USN-2152-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2013-6438",
"https://support.apple.com/HT204659",
"https://support.apple.com/kb/HT6535"
],
"score": 5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2014-0098": {
"id": "CVE-2014-0098",
"references": [
"http://advisories.mageia.org/MGASA-2014-0135.html",
"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/58230",
"http://secunia.com/advisories/58915",
"http://secunia.com/advisories/59219",
"http://secunia.com/advisories/59315",
"http://secunia.com/advisories/59345",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&r2=1575400&diff_format=h",
"http://www-01.ibm.com/support/docview.wss?uid=swg21668973",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"http://www.apache.org/dist/httpd/CHANGES_2.4.9",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/66303",
"http://www.ubuntu.com/usn/USN-2152-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0098",
"https://support.apple.com/HT204659",
"https://support.apple.com/kb/HT6535"
],
"score": 5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2014-0117": {
"id": "CVE-2014-0117",
"references": [
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://seclists.org/fulldisclosure/2014/Jul/117",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?r1=1609680&r2=1610674&diff_format=h",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://zerodayinitiative.com/advisories/ZDI-14-239/",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120599",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT204659",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://seclists.org/fulldisclosure/2014/Jul/117",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?r1=1609680&r2=1610674&diff_format=h",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://zerodayinitiative.com/advisories/ZDI-14-239/",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120599",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT204659"
],
"score": 4.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2014-0118": {
"id": "CVE-2014-0118",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353&r2=1610501&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68745",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120601",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0118",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659"
],
"score": 4.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-400"
},
"CVE-2014-0226": {
"id": "CVE-2014-0226",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://seclists.org/fulldisclosure/2014/Jul/114",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1450998&r2=1610491&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?r1=1588989&r2=1610491&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.exploit-db.com/exploits/34133",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.osvdb.org/109216",
"http://www.securityfocus.com/bid/68678",
"http://zerodayinitiative.com/advisories/ZDI-14-236/",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120603",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0226",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://www.povonsec.com/apache-2-4-7-exploit/"
],
"score": 6.8,
"services": [
"443/http"
],
"severity": "medium",
"summary": "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"weakness": "CWE-362"
},
"CVE-2014-0231": {
"id": "CVE-2014-0231",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://secunia.com/advisories/60536",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68742",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120596",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0231",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://secunia.com/advisories/60536",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68742",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120596",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0231",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659"
],
"score": 5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2014-3430": {
"id": "CVE-2014-3430",
"references": [
"http://advisories.mageia.org/MGASA-2014-0223.html",
"http://dovecot.org/pipermail/dovecot-news/2014-May/000273.html",
"http://linux.oracle.com/errata/ELSA-2014-0790.html",
"http://permalink.gmane.org/gmane.mail.imap.dovecot/77499",
"http://rhn.redhat.com/errata/RHSA-2014-0790.html",
"http://secunia.com/advisories/59051",
"http://secunia.com/advisories/59537",
"http://secunia.com/advisories/59552",
"http://www.debian.org/security/2014/dsa-2954",
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:113",
"http://www.openwall.com/lists/oss-security/2014/05/09/4",
"http://www.openwall.com/lists/oss-security/2014/05/09/8",
"http://www.securityfocus.com/bid/67306",
"http://www.ubuntu.com/usn/USN-2213-1"
],
"score": 5,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-287"
},
"CVE-2014-3523": {
"id": "CVE-2014-3523",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?r1=1608785&r2=1610652&diff_format=h",
"http://www.securityfocus.com/bid/68747",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
],
"score": 5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2014-3581": {
"id": "CVE-2014-3581",
"references": [
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://rhn.redhat.com/errata/RHSA-2015-0325.html",
"http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1627749",
"http://svn.apache.org/viewvc?view=revision&revision=1624234",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/71656",
"http://www.securitytracker.com/id/1031005",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=1149709",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/97027",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201610-02",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-476"
},
"CVE-2014-8109": {
"id": "CVE-2014-8109",
"references": [
"http://advisories.mageia.org/MGASA-2015-0011.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159352.html",
"http://www.openwall.com/lists/oss-security/2014/11/28/5",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.securityfocus.com/bid/73040",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=1174077",
"https://github.com/apache/httpd/commit/3f1693d558d0758f829c8b53993f1749ddf6ffcb",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=57204",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 4.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-863"
},
"CVE-2015-0228": {
"id": "CVE-2015-0228",
"references": [
"http://advisories.mageia.org/MGASA-2015-0099.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/73041",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef",
"https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031",
"http://advisories.mageia.org/MGASA-2015-0099.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/73041",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef",
"https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2015-3183": {
"id": "CVE-2015-3183",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"http://rhn.redhat.com/errata/RHSA-2015-1668.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://rhn.redhat.com/errata/RHSA-2016-2054.html",
"http://rhn.redhat.com/errata/RHSA-2016-2055.html",
"http://rhn.redhat.com/errata/RHSA-2016-2056.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4",
"http://www.debian.org/security/2015/dsa-3325",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"http://www.securityfocus.com/bid/75963",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2686-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
"https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/CVE-2015-3183",
"https://security.gentoo.org/glsa/201610-02",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"http://rhn.redhat.com/errata/RHSA-2015-1668.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://rhn.redhat.com/errata/RHSA-2016-2054.html",
"http://rhn.redhat.com/errata/RHSA-2016-2055.html",
"http://rhn.redhat.com/errata/RHSA-2016-2056.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4",
"http://www.debian.org/security/2015/dsa-3325",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"http://www.securityfocus.com/bid/75963",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2686-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
"https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/CVE-2015-3183",
"https://security.gentoo.org/glsa/201610-02",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "CWE-17"
},
"CVE-2015-3185": {
"id": "CVE-2015-3185",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4",
"http://www.debian.org/security/2015/dsa-3325",
"http://www.securityfocus.com/bid/75965",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2686-1",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708",
"https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205217",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4",
"http://www.debian.org/security/2015/dsa-3325",
"http://www.securityfocus.com/bid/75965",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2686-1",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708",
"https://github.com/apache/httpd/commit/db81019ab88734ed35fa70294a0cfa7a19743f73",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205217",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 4.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-264"
},
"CVE-2015-3420": {
"id": "CVE-2015-3420",
"references": [
"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157030.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158236.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158261.html",
"http://www.openwall.com/lists/oss-security/2015/04/27/1",
"http://www.openwall.com/lists/oss-security/2015/04/28/4",
"http://www.securityfocus.com/bid/74335",
"https://bugzilla.redhat.com/show_bug.cgi?id=1216057",
"https://dovecot.org/pipermail/dovecot-news/2015-May/000292.html",
"https://dovecot.org/pipermail/dovecot/2015-April/100618.html"
],
"score": 5.9,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-295"
},
"CVE-2016-0736": {
"id": "CVE-2016-0736",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95078",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-0736",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.exploit-db.com/exploits/40961/",
"https://www.tenable.com/security/tns-2017-04",
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95078",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-0736",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.exploit-db.com/exploits/40961/",
"https://www.tenable.com/security/tns-2017-04"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-310"
},
"CVE-2016-2161": {
"id": "CVE-2016-2161",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95076",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.tenable.com/security/tns-2017-04",
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95076",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-2161",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.tenable.com/security/tns-2017-04"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-823"
},
"CVE-2016-4975": {
"id": "CVE-2016-4975",
"references": [
"http://www.securityfocus.com/bid/105093",
"https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180926-0006/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us"
],
"score": 6.1,
"services": [
"443/http"
],
"severity": "medium",
"summary": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-93"
},
"CVE-2016-5387": {
"id": "CVE-2016-5387",
"references": [
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html",
"http://rhn.redhat.com/errata/RHSA-2016-1624.html",
"http://rhn.redhat.com/errata/RHSA-2016-1625.html",
"http://rhn.redhat.com/errata/RHSA-2016-1648.html",
"http://rhn.redhat.com/errata/RHSA-2016-1649.html",
"http://rhn.redhat.com/errata/RHSA-2016-1650.html",
"http://www.debian.org/security/2016/dsa-3623",
"http://www.kb.cert.org/vuls/id/797896",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"http://www.securityfocus.com/bid/91816",
"http://www.securitytracker.com/id/1036330",
"http://www.ubuntu.com/usn/USN-3038-1",
"https://access.redhat.com/errata/RHSA-2016:1420",
"https://access.redhat.com/errata/RHSA-2016:1421",
"https://access.redhat.com/errata/RHSA-2016:1422",
"https://access.redhat.com/errata/RHSA-2016:1635",
"https://access.redhat.com/errata/RHSA-2016:1636",
"https://access.redhat.com/errata/RHSA-2016:1851",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://httpoxy.org/",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/",
"https://security.gentoo.org/glsa/201701-36",
"https://support.apple.com/HT208221",
"https://www.apache.org/security/asf-httpoxy-response.txt",
"https://www.tenable.com/security/tns-2017-04",
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html",
"http://rhn.redhat.com/errata/RHSA-2016-1624.html",
"http://rhn.redhat.com/errata/RHSA-2016-1625.html",
"http://rhn.redhat.com/errata/RHSA-2016-1648.html",
"http://rhn.redhat.com/errata/RHSA-2016-1649.html",
"http://rhn.redhat.com/errata/RHSA-2016-1650.html",
"http://www.debian.org/security/2016/dsa-3623",
"http://www.kb.cert.org/vuls/id/797896",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"http://www.securityfocus.com/bid/91816",
"http://www.securitytracker.com/id/1036330",
"http://www.ubuntu.com/usn/USN-3038-1",
"https://access.redhat.com/errata/RHSA-2016:1420",
"https://access.redhat.com/errata/RHSA-2016:1421",
"https://access.redhat.com/errata/RHSA-2016:1422",
"https://access.redhat.com/errata/RHSA-2016:1635",
"https://access.redhat.com/errata/RHSA-2016:1636",
"https://access.redhat.com/errata/RHSA-2016:1851",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://httpoxy.org/",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/",
"https://security.gentoo.org/glsa/201701-36",
"https://support.apple.com/HT208221",
"https://www.apache.org/security/asf-httpoxy-response.txt",
"https://www.tenable.com/security/tns-2017-04"
],
"score": 8.1,
"services": [
"443/http"
],
"severity": "high",
"summary": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2016-8612": {
"id": "CVE-2016-8612",
"references": [
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.securityfocus.com/bid/94939",
"https://access.redhat.com/errata/RHSA-2017:0193",
"https://access.redhat.com/errata/RHSA-2017:0194",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
"https://security.netapp.com/advisory/ntap-20180601-0005/",
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.securityfocus.com/bid/94939",
"https://access.redhat.com/errata/RHSA-2017:0193",
"https://access.redhat.com/errata/RHSA-2017:0194",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
"https://security.netapp.com/advisory/ntap-20180601-0005/"
],
"score": 4.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.",
"vector_string": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-20"
},
"CVE-2016-8652": {
"id": "CVE-2016-8652",
"references": [
"http://dovecot.org/pipermail/dovecot-news/2016-December/000333.html",
"http://www.openwall.com/lists/oss-security/2016/12/02/4",
"http://www.openwall.com/lists/oss-security/2016/12/05/12",
"http://www.securityfocus.com/bid/94639"
],
"score": 5.9,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-20"
},
"CVE-2016-8743": {
"id": "CVE-2016-8743",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95077",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://access.redhat.com/errata/RHSA-2017:1721",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.tenable.com/security/tns-2017-04",
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95077",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://access.redhat.com/errata/RHSA-2017:1721",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.tenable.com/security/tns-2017-04"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2017-15130": {
"id": "CVE-2017-15130",
"references": [
"http://seclists.org/oss-sec/2018/q1/205",
"https://bugzilla.redhat.com/show_bug.cgi?id=1532356",
"https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html",
"https://usn.ubuntu.com/3587-1/",
"https://usn.ubuntu.com/3587-2/",
"https://www.debian.org/security/2018/dsa-4130",
"https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"
],
"score": 5.9,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2017-15132": {
"id": "CVE-2017-15132",
"references": [
"https://bugzilla.redhat.com/show_bug.cgi?id=1532768",
"https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch",
"https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html",
"https://usn.ubuntu.com/3556-1/",
"https://usn.ubuntu.com/3556-2/",
"https://www.debian.org/security/2018/dsa-4130",
"https://www.dovecot.org/list/dovecot-news/2018-February/000370.html"
],
"score": 7.5,
"services": [
"993/imap"
],
"severity": "high",
"summary": "A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-772"
},
"CVE-2017-15710": {
"id": "CVE-2017-15710",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/8",
"http://www.securityfocus.com/bid/103512",
"http://www.securitytracker.com/id/1040569",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2017-15715": {
"id": "CVE-2017-15715",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/6",
"http://www.securityfocus.com/bid/103525",
"http://www.securitytracker.com/id/1040570",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/6",
"http://www.securityfocus.com/bid/103525",
"http://www.securitytracker.com/id/1040570",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 8.1,
"services": [
"443/http"
],
"severity": "high",
"summary": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-20"
},
"CVE-2017-3167": {
"id": "CVE-2017-3167",
"references": [
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99135",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99135",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-287"
},
"CVE-2017-7679": {
"id": "CVE-2017-7679",
"references": [
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99170",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99170",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-126"
},
"CVE-2017-9788": {
"id": "CVE-2017-9788",
"references": [
"http://www.debian.org/security/2017/dsa-3913",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99569",
"http://www.securitytracker.com/id/1038906",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://httpd.apache.org/security/vulnerabilities_22.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20170911-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3913",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99569",
"http://www.securitytracker.com/id/1038906",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://httpd.apache.org/security/vulnerabilities_22.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20170911-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.1,
"services": [
"443/http"
],
"severity": "critical",
"summary": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-20"
},
"CVE-2017-9798": {
"id": "CVE-2017-9798",
"references": [
"http://openwall.com/lists/oss-security/2017/09/18/2",
"http://www.debian.org/security/2017/dsa-3980",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/100872",
"http://www.securityfocus.com/bid/105598",
"http://www.securitytracker.com/id/1039387",
"https://access.redhat.com/errata/RHSA-2017:2882",
"https://access.redhat.com/errata/RHSA-2017:2972",
"https://access.redhat.com/errata/RHSA-2017:3018",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"https://github.com/hannob/optionsbleed",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security-tracker.debian.org/tracker/CVE-2017-9798",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0003/",
"https://support.apple.com/HT208331",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"https://www.exploit-db.com/exploits/42745/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.tenable.com/security/tns-2019-09",
"http://openwall.com/lists/oss-security/2017/09/18/2",
"http://www.debian.org/security/2017/dsa-3980",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/100872",
"http://www.securityfocus.com/bid/105598",
"http://www.securitytracker.com/id/1039387",
"https://access.redhat.com/errata/RHSA-2017:2882",
"https://access.redhat.com/errata/RHSA-2017:2972",
"https://access.redhat.com/errata/RHSA-2017:3018",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"https://github.com/hannob/optionsbleed",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security-tracker.debian.org/tracker/CVE-2017-9798",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0003/",
"https://support.apple.com/HT208331",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"https://www.exploit-db.com/exploits/42745/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-416"
},
"CVE-2018-1283": {
"id": "CVE-2018-1283",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/4",
"http://www.securityfocus.com/bid/103520",
"http://www.securitytracker.com/id/1040568",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/4",
"http://www.securityfocus.com/bid/103520",
"http://www.securitytracker.com/id/1040568",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2018-1301": {
"id": "CVE-2018-1301",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/2",
"http://www.securityfocus.com/bid/103515",
"http://www.securitytracker.com/id/1040573",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/2",
"http://www.securityfocus.com/bid/103515",
"http://www.securitytracker.com/id/1040573",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"443/http"
],
"severity": "medium",
"summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-119"
},
"CVE-2018-1302": {
"id": "CVE-2018-1302",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/5",
"http://www.securityfocus.com/bid/103528",
"http://www.securitytracker.com/id/1040567",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/5",
"http://www.securityfocus.com/bid/103528",
"http://www.securitytracker.com/id/1040567",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"443/http"
],
"severity": "medium",
"summary": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2018-1303": {
"id": "CVE-2018-1303",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/3",
"http://www.securityfocus.com/bid/103522",
"http://www.securitytracker.com/id/1040572",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/3",
"http://www.securityfocus.com/bid/103522",
"http://www.securitytracker.com/id/1040572",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2018-1312": {
"id": "CVE-2018-1312",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/7",
"http://www.securityfocus.com/bid/103524",
"http://www.securitytracker.com/id/1040571",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://access.redhat.com/errata/RHSA-2019:1898",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-287"
},
"CVE-2018-17199": {
"id": "CVE-2018-17199",
"references": [
"http://www.securityfocus.com/bid/106742",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2019-09",
"http://www.securityfocus.com/bid/106742",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.gentoo.org/glsa/201903-21",
"https://security.netapp.com/advisory/ntap-20190125-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-384"
},
"CVE-2019-0217": {
"id": "CVE-2019-0217",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/5",
"http://www.securityfocus.com/bid/107668",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://bugzilla.redhat.com/show_bug.cgi?id=1695020",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/5",
"http://www.securityfocus.com/bid/107668",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:3932",
"https://access.redhat.com/errata/RHSA-2019:3933",
"https://access.redhat.com/errata/RHSA-2019:3935",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://bugzilla.redhat.com/show_bug.cgi?id=1695020",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190423-0001/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-362"
},
"CVE-2019-0220": {
"id": "CVE-2019-0220",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/6",
"http://www.securityfocus.com/bid/107670",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://access.redhat.com/errata/RHSA-2020:0250",
"https://access.redhat.com/errata/RHSA-2020:0251",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190625-0007/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html",
"http://www.openwall.com/lists/oss-security/2019/04/02/6",
"http://www.securityfocus.com/bid/107670",
"https://access.redhat.com/errata/RHSA-2019:2343",
"https://access.redhat.com/errata/RHSA-2019:3436",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://access.redhat.com/errata/RHSA-2020:0250",
"https://access.redhat.com/errata/RHSA-2020:0251",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/",
"https://seclists.org/bugtraq/2019/Apr/5",
"https://security.netapp.com/advisory/ntap-20190625-0007/",
"https://support.f5.com/csp/article/K44591505",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us",
"https://usn.ubuntu.com/3937-1/",
"https://www.debian.org/security/2019/dsa-4422",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 5.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-706"
},
"CVE-2019-10092": {
"id": "CVE-2019-10092",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"http://www.openwall.com/lists/oss-security/2019/08/15/4",
"http://www.openwall.com/lists/oss-security/2020/08/08/1",
"http://www.openwall.com/lists/oss-security/2020/08/08/9",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://seclists.org/bugtraq/2019/Oct/24",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K30442259",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html",
"http://www.openwall.com/lists/oss-security/2019/08/15/4",
"http://www.openwall.com/lists/oss-security/2020/08/08/1",
"http://www.openwall.com/lists/oss-security/2020/08/08/9",
"https://access.redhat.com/errata/RHSA-2019:4126",
"https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0a83b112cd9701ef8a2061c8ed557f3dc9bb774d4da69fbb91bbc3c4%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html",
"https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/",
"https://seclists.org/bugtraq/2019/Aug/47",
"https://seclists.org/bugtraq/2019/Oct/24",
"https://security.gentoo.org/glsa/201909-04",
"https://security.netapp.com/advisory/ntap-20190905-0003/",
"https://support.f5.com/csp/article/K30442259",
"https://usn.ubuntu.com/4113-1/",
"https://www.debian.org/security/2019/dsa-4509",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.1,
"services": [
"443/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-79"
},
"CVE-2019-10098": {
"id": "CVE-2019-10098",
"references": [
"http://www.openwall.com/lists/oss-security/2020/04/01/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"http://www.openwall.com/lists/oss-security/2020/04/01/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
],
"score": 6.1,
"services": [
"443/http"
],
"severity": "medium",
"summary": "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-601"
},
"CVE-2019-10691": {
"id": "CVE-2019-10691",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00000.html",
"http://www.openwall.com/lists/oss-security/2019/04/18/3",
"https://dovecot.org/list/dovecot-news/2019-April/000406.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/",
"https://security.gentoo.org/glsa/201908-29"
],
"score": 7.5,
"services": [
"993/imap"
],
"severity": "high",
"summary": "The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2019-11500": {
"id": "CVE-2019-11500",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00024.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00026.html",
"http://www.openwall.com/lists/oss-security/2019/08/28/3",
"https://access.redhat.com/errata/RHSA-2019:2822",
"https://access.redhat.com/errata/RHSA-2019:2836",
"https://access.redhat.com/errata/RHSA-2019:2885",
"https://dovecot.org/pipermail/dovecot-news/2019-August/000417.html",
"https://lists.debian.org/debian-lts-announce/2019/08/msg00035.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GYTZLLDNIFWT7D7JSB25ERJNMOR4CQ3/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVHY3MU2OK2EWZJFGNDSAOMD42L7DFPX/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSJVVVRAE3SITC2ZLGCPMFDN3WVYZBWF/",
"https://security.gentoo.org/glsa/201908-29",
"https://www.dovecot.org/security.html"
],
"score": 9.8,
"services": [
"993/imap"
],
"severity": "critical",
"summary": "In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2019-17567": {
"id": "CVE-2019-17567",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/2",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/2",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 5.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-444"
},
"CVE-2019-19722": {
"id": "CVE-2019-19722",
"references": [
"http://www.openwall.com/lists/oss-security/2019/12/13/3",
"https://dovecot.org/list/dovecot-news/2019-December/000428.html",
"https://dovecot.org/pipermail/dovecot-news/2019-December/000428.html",
"https://dovecot.org/security.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OZCJ3RBA4WIYGN7SOV4TW2AIHXPZATK/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PPB7PG5BM3MC5ZF2KHQ3UR7CZIO42BB/"
],
"score": 5.3,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-476"
},
"CVE-2019-3814": {
"id": "CVE-2019-3814",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html",
"https://access.redhat.com/errata/RHSA-2019:3467",
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/",
"https://security.gentoo.org/glsa/201904-19",
"https://www.dovecot.org/list/dovecot/2019-February/114575.html"
],
"score": 6.8,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"weakness": "CWE-295"
},
"CVE-2019-7524": {
"id": "CVE-2019-7524",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00060.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html",
"http://www.openwall.com/lists/oss-security/2019/03/28/1",
"http://www.securityfocus.com/bid/107672",
"https://dovecot.org/list/dovecot-news/2019-March/000403.html",
"https://dovecot.org/security.html",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00038.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/",
"https://seclists.org/bugtraq/2019/Mar/59",
"https://security.gentoo.org/glsa/201904-19",
"https://usn.ubuntu.com/3928-1/",
"https://www.debian.org/security/2019/dsa-4418"
],
"score": 7.8,
"services": [
"993/imap"
],
"severity": "high",
"summary": "In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.",
"vector_string": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-119"
},
"CVE-2020-10957": {
"id": "CVE-2020-10957",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html",
"http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html",
"http://seclists.org/fulldisclosure/2020/May/37",
"http://www.openwall.com/lists/oss-security/2020/05/18/1",
"https://dovecot.org/security",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/",
"https://usn.ubuntu.com/4361-1/",
"https://www.debian.org/security/2020/dsa-4690",
"https://www.openwall.com/lists/oss-security/2020/05/18/1"
],
"score": 7.5,
"services": [
"993/imap"
],
"severity": "high",
"summary": "In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2020-10958": {
"id": "CVE-2020-10958",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html",
"http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html",
"http://seclists.org/fulldisclosure/2020/May/37",
"http://www.openwall.com/lists/oss-security/2020/05/18/1",
"https://dovecot.org/security",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/",
"https://usn.ubuntu.com/4361-1/",
"https://www.debian.org/security/2020/dsa-4690",
"https://www.openwall.com/lists/oss-security/2020/05/18/1"
],
"score": 5.3,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-416"
},
"CVE-2020-10967": {
"id": "CVE-2020-10967",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00059.html",
"http://packetstormsecurity.com/files/157771/Open-Xchange-Dovecot-2.3.10-Null-Pointer-Dereference-Denial-Of-Service.html",
"http://seclists.org/fulldisclosure/2020/May/37",
"http://www.openwall.com/lists/oss-security/2020/05/18/1",
"https://dovecot.org/security",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTZN2VW55ZC2AQBGBJMLRJSZIKSB2NS6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVUWHUUAFPC6XGIXYFIPTNBXLHPNM4W6/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/",
"https://usn.ubuntu.com/4361-1/",
"https://www.debian.org/security/2020/dsa-4690",
"https://www.openwall.com/lists/oss-security/2020/05/18/1"
],
"score": 5.3,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-20"
},
"CVE-2020-11985": {
"id": "CVE-2020-11985",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.gentoo.org/glsa/202008-04",
"https://security.netapp.com/advisory/ntap-20200827-0002/",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.gentoo.org/glsa/202008-04",
"https://security.netapp.com/advisory/ntap-20200827-0002/",
"https://www.oracle.com/security-alerts/cpujan2021.html"
],
"score": 5.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-345"
},
"CVE-2020-12100": {
"id": "CVE-2020-12100",
"references": [
"http://seclists.org/fulldisclosure/2021/Jan/18",
"http://www.openwall.com/lists/oss-security/2020/08/12/1",
"http://www.openwall.com/lists/oss-security/2021/01/04/3",
"https://dovecot.org/security",
"https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/",
"https://security.gentoo.org/glsa/202009-02",
"https://usn.ubuntu.com/4456-1/",
"https://usn.ubuntu.com/4456-2/",
"https://www.debian.org/security/2020/dsa-4745"
],
"score": 7.5,
"services": [
"993/imap"
],
"severity": "high",
"summary": "In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-674"
},
"CVE-2020-12673": {
"id": "CVE-2020-12673",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html",
"https://dovecot.org/security",
"https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/",
"https://security.gentoo.org/glsa/202009-02",
"https://usn.ubuntu.com/4456-1/",
"https://usn.ubuntu.com/4456-2/",
"https://www.debian.org/security/2020/dsa-4745",
"https://www.openwall.com/lists/oss-security/2020/08/12/2"
],
"score": 7.5,
"services": [
"993/imap"
],
"severity": "high",
"summary": "In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2020-12674": {
"id": "CVE-2020-12674",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00048.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00059.html",
"https://dovecot.org/security",
"https://lists.debian.org/debian-lts-announce/2020/08/msg00024.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4AAX2MJEULPVSRZOBX3PNPFSYP4FM4TT/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYZU6CHA3VMYYAUCMHSCCQKJEVEIKPQ2/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XKKAL3OMG76ZZ7CIEMQP2K6KCTD2RAKE/",
"https://security.gentoo.org/glsa/202009-02",
"https://usn.ubuntu.com/4456-1/",
"https://usn.ubuntu.com/4456-2/",
"https://www.debian.org/security/2020/dsa-4745",
"https://www.openwall.com/lists/oss-security/2020/08/12/3"
],
"score": 7.5,
"services": [
"993/imap"
],
"severity": "high",
"summary": "In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2020-13938": {
"id": "CVE-2020-13938",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/3",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/3",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r5fdc4fbbc7ddb816c843329a9accdcf284ade86e8d77b8c2a6d9bc30%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210702-0001/"
],
"score": 5.5,
"services": [
"443/http"
],
"severity": "medium",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows",
"vector_string": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-862"
},
"CVE-2020-1927": {
"id": "CVE-2020-1927",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"http://www.openwall.com/lists/oss-security/2020/04/03/1",
"http://www.openwall.com/lists/oss-security/2020/04/04/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"http://www.openwall.com/lists/oss-security/2020/04/03/1",
"http://www.openwall.com/lists/oss-security/2020/04/04/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 6.1,
"services": [
"443/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-601"
},
"CVE-2020-1934": {
"id": "CVE-2020-1934",
"references": [
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujul2020.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/",
"https://security.netapp.com/advisory/ntap-20200413-0002/",
"https://usn.ubuntu.com/4458-1/",
"https://www.debian.org/security/2020/dsa-4757",
"https://www.oracle.com/security-alerts/cpujul2020.html"
],
"score": 5.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-908"
},
"CVE-2020-25275": {
"id": "CVE-2020-25275",
"references": [
"http://packetstormsecurity.com/files/160841/Dovecot-2.3.11.3-Denial-Of-Service.html",
"http://seclists.org/fulldisclosure/2021/Jan/18",
"http://www.openwall.com/lists/oss-security/2021/01/04/3",
"https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html",
"https://dovecot.org/security",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXDKFLOCUP7I4ELGQ2F4P5TGC6NXMYV7/",
"https://security.gentoo.org/glsa/202101-01",
"https://www.debian.org/security/2021/dsa-4825"
],
"score": 7.5,
"services": [
"993/imap"
],
"severity": "high",
"summary": "Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-20"
},
"CVE-2020-28200": {
"id": "CVE-2020-28200",
"references": [
"https://dovecot.org/security",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TK424DWFO2TKJYXZ2H3XL633TYJL4GQN/",
"https://www.openwall.com/lists/oss-security/2021/06/28/3"
],
"score": 4.3,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-770"
},
"CVE-2020-35452": {
"id": "CVE-2020-35452",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/5",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/5",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 7.3,
"services": [
"443/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"weakness": "CWE-787"
},
"CVE-2021-26690": {
"id": "CVE-2021-26690",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/6",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/6",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rae406c1d19c0dfd3103c96923dadac2af1cd0bad6905ab1ede153865%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2021-26691": {
"id": "CVE-2021-26691",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/7",
"https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2021/06/10/7",
"https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202107-38",
"https://security.netapp.com/advisory/ntap-20210702-0001/",
"https://www.debian.org/security/2021/dsa-4937",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.oracle.com/security-alerts/cpuoct2021.html"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-122"
},
"CVE-2021-33515": {
"id": "CVE-2021-33515",
"references": [
"https://dovecot.org/security",
"https://lists.debian.org/debian-lts-announce/2022/09/msg00032.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TK424DWFO2TKJYXZ2H3XL633TYJL4GQN/",
"https://security.gentoo.org/glsa/202107-41",
"https://www.openwall.com/lists/oss-security/2021/06/28/2"
],
"score": 4.8,
"services": [
"993/imap"
],
"severity": "medium",
"summary": "The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"weakness": "CWE-77"
},
"CVE-2021-34798": {
"id": "CVE-2021-34798",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2021-39275": {
"id": "CVE-2021-39275",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2021-40438": {
"id": "CVE-2021-40438",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 9,
"services": [
"443/http"
],
"severity": "critical",
"summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-918"
},
"CVE-2021-44790": {
"id": "CVE-2021-44790",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2022-22719": {
"id": "CVE-2022-22719",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-665"
},
"CVE-2022-22720": {
"id": "CVE-2022-22720",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2022-22721": {
"id": "CVE-2022-22721",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.1,
"services": [
"443/http"
],
"severity": "critical",
"summary": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"weakness": "CWE-190"
},
"CVE-2022-23943": {
"id": "CVE-2022-23943",
"references": [
"http://www.openwall.com/lists/oss-security/2022/03/14/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.tenable.com/security/tns-2022-08",
"https://www.tenable.com/security/tns-2022-09",
"http://www.openwall.com/lists/oss-security/2022/03/14/1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.tenable.com/security/tns-2022-08",
"https://www.tenable.com/security/tns-2022-09"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-190"
},
"CVE-2022-26377": {
"id": "CVE-2022-26377",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-444"
},
"CVE-2022-28330": {
"id": "CVE-2022-28330",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-125"
},
"CVE-2022-28614": {
"id": "CVE-2022-28614",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-190"
},
"CVE-2022-28615": {
"id": "CVE-2022-28615",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.1,
"services": [
"443/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-190"
},
"CVE-2022-29404": {
"id": "CVE-2022-29404",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2022-30556": {
"id": "CVE-2022-30556",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2022-31813": {
"id": "CVE-2022-31813",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-348"
},
"CVE-2022-36760": {
"id": "CVE-2022-36760",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 9,
"services": [
"443/http"
],
"severity": "critical",
"summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2022-37436": {
"id": "CVE-2022-37436",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 5.3,
"services": [
"443/http"
],
"severity": "medium",
"summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-113"
},
"CVE-2023-25690": {
"id": "CVE-2023-25690",
"references": [
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01",
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2023-31122": {
"id": "CVE-2023-31122",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2023-45802": {
"id": "CVE-2023-45802",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 5.9,
"services": [
"443/http"
],
"severity": "medium",
"summary": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.nnThis was found by the reporter during testing ofxa0CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.nnUsers are recommended to upgrade to version 2.4.58, which fixes the issue.n",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2024-38474": {
"id": "CVE-2024-38474",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://www.openwall.com/lists/oss-security/2024/07/01/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-116"
},
"CVE-2024-38476": {
"id": "CVE-2024-38476",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://www.openwall.com/lists/oss-security/2024/07/01/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 9.8,
"services": [
"443/http"
],
"severity": "critical",
"summary": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-829"
},
"CVE-2024-38477": {
"id": "CVE-2024-38477",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/",
"http://www.openwall.com/lists/oss-security/2024/07/01/10",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240712-0001/"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2024-40898": {
"id": "CVE-2024-40898",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2024/07/17/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240808-0006/"
],
"score": 7.5,
"services": [
"443/http"
],
"severity": "high",
"summary": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue. ",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-918"
}
}
}